
View Full Version : Did I get ratted?



Overtime
07-30-2011, 02:13 AM
Okay so I installed this program called PeerBlock 1.1

What this does is block connections that try to connect to your computer.

Well I've noticed A LOT of blocks and I'm not downloading anything. My computer is just idling right now.

So I'm getting all these connections here...

http://i23.photobucket.com/albums/b358/zero_1221/what-2.png


The weird one is Photobucket, because I haven't even used Photobucket at all today.. till right now as I'm uploading these pics.

I looked up some of these IPs, and some are from the UK, and some from Oakland, California.

Wtf is up?

Frement
07-30-2011, 02:24 AM
Download Wireshark and see what you are transferring to those IPs, if you get FTP account, then exploit the virus :) Easy as that.

grats
07-30-2011, 02:32 AM
Akamai Tech makes some addon for Windows Vista / 7 that accelerates streaming and website performance or something

Brandon
07-30-2011, 02:51 AM
It's a download manager.. usually used to download Adobe Flash and Adobe Photoshop.. if you have those then most likely you had to download that to get them on your comp.. as for the edge one and Photobucket.. uhh no clue what that is..

Most viruses install to HKCU / Software/Windows/Microsoft/CurrentVersion/Run and RunOnce.. use regedit to check.
Basically look for anything that stores itself in a temp folder or appdata or a hidden folder.. you can find out what folder they store themselves in by right clicking the regkey and pressing modify.. it'd show the folder.. you navigate to it and if you can't see it then it's a virus for sure.
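
The registry check described in the post above, as an added PowerShell example that is not part of the original thread: it lists every Run and RunOnce value, extracts the program path, and reports whether the file sits under a temp or AppData folder, carries the Hidden attribute, and has a valid Authenticode signature. The HKLM keys, the `Get-CommandPath` helper and the column names are assumptions of this example.

```powershell
# Added example. Run/RunOnce under Software\Microsoft\Windows\CurrentVersion;
# the HKLM keys are an addition beyond the HKCU keys the post names.
$runKeys = 'Run', 'RunOnce' | ForEach-Object {
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\$_"
    "HKLM:\Software\Microsoft\Windows\CurrentVersion\$_"
}
# Folders the post treats as suspicious homes for an autorun target.
$watchDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-CommandPath([string]$Command) {
    # Hypothetical helper: extract the program path from a Run value, taking a
    # quoted path if present, otherwise everything up to the first extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|scr|ps1))(\s|,|$)') { return $Matches[1] }
    return $c
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $path = Get-CommandPath ([string]$regKey.GetValue($name))
        if (-not $path) { continue }
        # -Force lets Get-Item return files that carry the Hidden attribute.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $sig  = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Path       = $path
            InWatchDir = [bool]($watchDirs | Where-Object {
                             $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            Hidden     = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
            Resolved   = [bool]$file   # false for bare names such as rundll32.exe
            Signature  = $sig
        }
    }
}
$report | Sort-Object InWatchDir, Hidden -Descending | Format-List
```

An entry with InWatchDir or Hidden set, or a Signature other than Valid, is a lead to examine further rather than a verdict.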

cycrosism
07-30-2011, 03:14 AM
I think Akamai Technologies is a program called Ardamax keylogger? Not sure

Edit: Actually I don't think it is ... What firewall/anti-virus do you use?

Overtime
07-30-2011, 03:26 AM
I use Avira Premium

Frement
07-30-2011, 03:27 AM
http://www.speedguide.net/port.php?port=9919&print=friendly

http://spyware.pcwash.com/trojans/tr_data/y1836.html

Nava2
07-30-2011, 04:50 AM
http://www.speedguide.net/port.php?port=9919&print=friendly

http://spyware.pcwash.com/trojans/tr_data/y1836.html

>botnet?

Brandon
07-30-2011, 05:18 AM
Give me the IP of that Akamai in your OP.. I did a ping on akamai.com and the IP doesn't match what you have up there though I know very few websites that actually have a range of IPs... it's odd

Reply from 208.46.17.160: bytes=32 time=46ms TTL=55

That's the IP I got from the ping to akamai.com

and if you ping www.akamai.com you get a different one like:
C:\Users\*******>ping www.akamai.com

Pinging a152.g.akamai.net [67.69.196.27] with 32 by
Reply from 67.69.196.27: bytes=32 time=21ms TTL=59
Reply from 67.69.196.27: bytes=32 time=21ms TTL=59
Reply from 67.69.196.27: bytes=32 time=22ms TTL=59
Reply from 67.69.196.27: bytes=32 time=20ms TTL=59

It has multiple IPs and you can't do a whois on it :c

superuser
07-30-2011, 07:46 AM
It's a download manager.. usually used to download Adobe Flash and Adobe Photoshop.. if you have those then most likely you had to download that to get them on your comp.. as for the edge one and Photobucket.. uhh no clue what that is..

Most viruses install to HKCU / Software/Windows/Microsoft/CurrentVersion/Run and RunOnce.. use regedit to check.
Basically look for anything that stores itself in a temp folder or appdata or a hidden folder.. you can find out what folder they store themselves in by right clicking the regkey and pressing modify.. it'd show the folder.. you navigate to it and if you can't see it then it's a virus for sure.

Most viruses don't put themselves to run or runonce, but instead infect other executables via hooks (e.g. CBT) or even make themselves drivers. I even know this one, which passes NDIS in kernel level to access directly NICs, so no soft-firewall on earth can detect it :)

PotentPK
07-30-2011, 08:18 AM
Hey, I also use PeerBlock. Don't sweat it. I am constantly getting connections denied on my computer. It is usually websites that have other websites' services on their websites. Download Wireshark as suggested and reboot your computer. Open up Wireshark and select your network card. Then type ip.addr == 192.168.1.x -- whatever your private IP is. Most likely there isn't anything much at all there.

Harry
07-30-2011, 09:13 AM
Give me the IP of that Akamai in your OP.. I did a ping on akamai.com and the IP doesn't match what you have up there though I know very few websites that actually have a range of IPs... it's odd

It has multiple IPs and you can't do a whois on it :c
You gotta be kidding me dude... you say you're good at networking stuff and don't even know what Akamai is? Akamai is a major CDN. You're also getting different IPs because of them using: load balancing, anycast networking, as well as DNS-based anycast.

Capricorn
07-30-2011, 09:24 AM
I seriously hope you're not using PeerBlock to protect yourself when downloading.

Kave
07-30-2011, 12:02 PM
Akamai is known for paid per install so it might have been bundled with a program you installed. I also see you're taking advantage of that VPS trial ;)

Overtime
07-30-2011, 03:10 PM
I seriously hope you're not using PeerBlock to protect yourself when downloading.

Why not?

@kave I don't use VPS.

@PotentPk yeah I agree, been reading up on different forums, seems pretty normal.


@ggzz already did that when I first started experiencing this, and didn't find anything in AppData folders or in my registry.

Seems like a false alarm.