The story began when I called the provider's technical support about the sudden speed of the Internet. The technician replied that viruses or a network card might be to blame. I doubted this, saying that I had recently checked the system with the Kaspersky Virus Removal Tool scanner: the system is clean. But I still checked again with AVZ: clean. Then I decided to install a proper firewall, Comodo Firewall (before that, Microsoft Security Essentials was installed; it does not have a firewall, since there is the Windows firewall). As soon as I set it up, it began to issue requests to allow or deny incoming connections from strange IP addresses to ports 445 and 135. Google says that the IP addresses are from Georgia and Bulgaria. I have blocked the connections.

What I write below is written after rebooting the system. The fact is that while I was writing this, the antivirus suddenly issued a message that it no longer works, and after a few seconds the system rebooted on its own. Until this moment the system worked stably and this had not been observed.

Additional information:

  • Windows 7 SP1 x64
  • UAC - enabled
  • system update enabled
  • firewall turned off
  • system is logged in as an administrator
  • antivirus - Microsoft Security Essentials
  • Firewall - Comodo Firewall 6.0

    2 answers

    Attacks from the Internet are, in principle, a common thing. If you are not being deliberately hacked, then you need not bother. If you had been hacked by a pro, he would not have made so many attempts. Maybe there is a virus in the system, and the antivirus does not see it. A worm may be knocking.

    But in my opinion, this is not an attacker attacking, it's a virus on your computer. Using a vulnerability of the operating system, it penetrates the computer and starts to perform similar actions from the newly infected computer.

    • Thanks. But paranoia made me remove MSE + Comodo Firewall. I installed KIS 2012 (still in the trial period). KIS is for some reason stubbornly silent, although I set the increased level of danger in the settings. - Ghringo

    IMHO

    1. To get started, use the CureIt utility from DrWEB; it is EXTREMELY desirable to do so in safe mode.
    2. Then abandon Melco $ soft and "good cast", presumably in favor of ESET NOD32.
    3. In the future, again strictly IMHO, abandon the creations of Melko $ soft in general, in favor of Ubuntu, for example ...
    4. If it is possible to ensure the security of the network from intruders, use specialized software such as Kerio, for example ... Install a separate machine between the network and the modem / router.

    P.S. Please do not accuse me of advertising; all the recommendations are from my own experience.