1 Reply Latest reply on Nov 9, 2011 12:47 PM by theflyingmonkey

    Updating problem please help

    theflyingmonkey

      I am sorry if my English is bad, but I was writing my post when it said I was logged out.

       

      So I am running XP Home Service Pack 3 with Internet Security. So earlier today I manually checked for updates and it installed 4 updates. My computer asked me to restart and I did. On the screen that usually says F2: Setup F12: Boot Menu, it said that the amount of system memory changed. So I pushed the power button and when I turned it back on, it said that it changed again and I checked that I had my full amount of RAM again.

       

      So as the computer started up everything was really lagging and opening task manager showed that mcshield.exe was using 345,000 in mem usage. So I shut down and started it again and this time the mem usage was about the same as always, about 30,000 to 45,000. This was when I noticed something weird. When I went and clicked about in McAfee it said that the Security Center, Virus Scan, Firewall, and Anti-spam were updated. But I noticed that the build number for the Security Center was still the same, which was 11.0.623. I can't be 100% sure but I think that the Firewall build was the same. If anyone could tell me roughly when build 11.0.623 for Security Center and build 12.0.245 for Firewall were released that would help, since why would it update the Security Center if the build number is the same.

       

      The next thing was when I was trying to clear my browsing history by going control panel -> security center -> internet option -> general tab -> delete, but the download-like bar showing the history is being cleared was lagging visually, I believe. When I kept at it, it finally started to act as it normally did.

       

      After this, I went on to Firefox and it turned out that there was an update to 3.6.24, so I updated and I had the McAfee popup about whether to allow Firefox or not since it changed. I allowed it since this was normal, but instead of being taken to the page about the new features in 3.6.24, I was taken to a page that said almost done, you need to download the most recent version. When I went to help -> about, I have 3.6.24.

       

      So I went to pay for something with paypal and I purchased a textbook through amazon using my credit card. After using paypal, I checked my yahoo email and about 2 or 3 minutes after sending my payment through paypal I got the email about how I sent a payment. So I quickly logged onto paypal to check if my recent transaction was listed. After this I closed the browser and opened it again and went to google and googled my university's homepage and it took 0.08 seconds. Since it seemed like my internet/computer was lagging.

       

      Finally I went to check McAfee's History and Logs and went to check the Incoming Events. This is where things get strange again. There was activity from the ip addresses 74.125.224.148, 74.125.224.145, 74.125.239.31, 74.125.239.13. When I typed all of these ip addresses into my browser it took me to google. The thing was that the ip address ending in 148 was accessing TCP Port 1914, while the one ending in 145 was accessing TCP Port 1921, while the one ending in 31 was accessing 1922, and the last one was accessing 1873.

       

      The next couple of ip addresses didn't return a website when I typed them into my browser and a reverse ip lookup through yougetsignal returned nothing. But the ip addresses were 72.235.6.8 accessing port 1432, 1430, 1429, the next two are what has me worried the most as the ports listed were listed to be used by worms and trojans by speedguide.net and pc-library. They are 72.235.63.17 accessing port 1434, and 72.235.63.16 accessing port 1435.

       

      Since I found this strange I ran netstat -anb and the only weird thing I found was the entry TCP 127.0.0.0: 1913 127.0.0.0: 5152 Pin_wait2 PID 1722, and the line under this said can not obtain owner information or something. Right under that, it said 127.0.0.0: 5152 127.0.0.0: 1913 fin_close PID 200 and under this was jqs.exe in [ ]. But when I checked my task manager, there wasn't a process with the PID 1722. I am not sure, but I remember that I read this is bad or something.

       

      What has me the most worried is that the Incoming Events listed the two dangerous ports at 2:49 and the last event was at 3:01:25, which was google at 3:01:25. Still I don't think that checking the logs and netstat took 15 minutes, this leads me to believe that the first two dangerous events may have happened when I was paying with my credit card and paypal.

       

      I am not sure why, but all of this weird and out of the ordinary behavior seemed to have happened after the McAfee update that caused my lagging and with the same build for Security center. Since the only thing I do on my XP is check my email, I know how it acts. And I have to say that I have never had any google events logged into the incoming events before. Even when I use google, as I actually normally don't get any activities logged into the Incoming Events.

       

      I am sorry about the long post, I am hoping that nothing happened to my credit card, paypal, or my computer.

       

      If any moderators or more technologically knowledgeable users could help I would appreciate it as I am getting worried about all this strange behavior that isn't normal.

        • 1. Re: Updating problem please help
          theflyingmonkey

          I forgot to mention what I meant when I said that I usually don't have any activity.  What I mean is that for the past month, whenever I check my email or use google to find my university's homepage, at the end when I am about to shut down my computer, I would check the incoming events and there would be nothing.

           

          However, this time I had enough events to cover one page minus 3.  So if one page in the incoming events can hold 15 events, there were 12 events starting from 2:49 to 3:01:25.

           

          Again any help would be appreciated as all of these weird things happened after the McAfee updated to the same Security Center build and possibly the Firewall build

           

          Message was edited by: theflyingmonkey on 11/9/11 12:47:56 PM CST