rajesh_chd
Posted June 6, 2011

Thanks for the excellent free antivirus. I installed it a few months back and it was working fine. Though a few days back I applied a rule to my D-Link router's firewall to block all UDP packets except to the DNS server. Since then I am receiving these entries in my log:

Jun 6 15:55:07 | Drop UDP packet from LAN (src:192.168.1.221:58665, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:55:04 | Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:55:01 | Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:54:16 | Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:54:13 | Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:54:10 | Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:54:07 | Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:53:21 | Drop UDP packet from LAN (src:192.168.1.221:64958, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:53:18 | Drop UDP packet from LAN (src:192.168.1.221:64958, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:53:15 | Drop UDP packet from LAN (src:192.168.1.221:64957, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:53:12 | Drop UDP packet from LAN (src:192.168.1.221:64957, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:52:27 | Drop UDP packet from LAN (src:192.168.1.221:53217, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:52:24 | Drop UDP packet from LAN (src:192.168.1.221:53217, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:52:21 | Drop UDP packet from LAN (src:192.168.1.221:53216, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:52:18 | Drop UDP packet from LAN (src:192.168.1.221:53216, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:51:33 | Drop UDP packet from LAN (src:192.168.1.221:58625, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:51:30 | Drop UDP packet from LAN (src:192.168.1.221:58625, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:51:27 | Drop UDP packet from LAN (src:192.168.1.221:58624, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:51:24 | Drop UDP packet from LAN (src:192.168.1.221:58624, dst:174.129.28.78:32137) by firewall rule.

On IP lookup I found that this address belongs to amazon.com. A bit concerned, I used the tcpview utility to see the active connections and found out that agent.exe is sending these packets. I believe agent.exe belongs to Immunet. I want to uninstall Immunet but could not find a link to uninstall. I tried to uninstall it using CCleaner but that hung in between.

Now I have 2 questions:
1. Why do these UDP packets need to go to amazon.com?
2. How to uninstall Immunet?

Additional information
O/S: Windows 7 Professional
Immunet version: 2.0.17.48

Thanks
Rajesh

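An added example, not part of the original post and not Immunet or D-Link code: a small parser for the router log format quoted above that groups dropped packets into flows, counts distinct attempts by source port, and marks port-53 traffic whose destination is not the resolver the firewall rule allows. The resolver address 192.168.1.1 is an assumed placeholder; the sample entries are copied from the post, plus one constructed non-matching line.

```python
import re
from collections import defaultdict

# Sample: five entries copied from the post, plus one constructed junk line.
SAMPLE_LOG = """\
Jun 6 15:55:07 | Drop UDP packet from LAN (src:192.168.1.221:58665, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:55:04 | Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:55:01 | Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun 6 15:54:16 | Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun 6 15:54:13 | Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
not a firewall entry
"""

# Assumption: the one resolver the firewall rule allows (placeholder address).
ALLOWED_RESOLVERS = {"192.168.1.1"}

DROP_RE = re.compile(
    r"Drop (?P<proto>\w+) packet from LAN "
    r"\(src:(?P<src>[\d.]+):(?P<sport>\d+), dst:(?P<dst>[\d.]+):(?P<dport>\d+)\)"
)

def parse_drops(text):
    """Yield (proto, src, sport, dst, dport) per drop entry; skip other lines."""
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            yield (m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))

def summarize(text, resolvers=ALLOWED_RESOLVERS):
    """Map (src, dst, dport) to (packets, distinct attempts, note)."""
    flows = defaultdict(lambda: {"packets": 0, "sports": set()})
    for _proto, src, sport, dst, dport in parse_drops(text):
        flow = flows[(src, dst, dport)]
        flow["packets"] += 1
        flow["sports"].add(sport)  # a new source port means a new attempt
    report = {}
    for (src, dst, dport), flow in flows.items():
        if dport == 53 and dst not in resolvers:
            note = "port 53 to a host that is not the allowed resolver"
        elif dport != 53:
            note = "non-DNS UDP port"
        else:
            note = "allowed resolver, check rule order"
        report[(src, dst, dport)] = (flow["packets"], len(flow["sports"]), note)
    return report

if __name__ == "__main__":
    for key, value in sorted(summarize(SAMPLE_LOG).items()):
        print(key, value)
```

In the log quoted in the post every source port appears twice, three seconds apart, so packets divided by distinct attempts gives the number of sends per attempt.
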
Guest Orlando
Posted June 6, 2011

Hi Rajesh,

The IP address associated with amazon.com is: 72.21.194.1 (you can find it here), but I can't help you a lot on this point.

To remove Immunet, please use the Immunet Protect Removal Tool, and it will do it automatically, or run this:

C:\Program Files\Immunet Protect\2.0.17\uninstall.exe

If there are any problems, tell me.

Orlando

millard@immunet.com
Posted June 6, 2011

Today Immunet uses Amazon for its infrastructure. That may change in the future. There have been some protocol changes in 3.0.2: http://forum.immunet.com/index.php?/topic/1104-immunet-302-beta-available/

As for uninstall, there is usually a file in C:\Program Files\Immunet Protect\2.0.17\uninstall.exe or the tool that Orlando pointed out.

sweidre
Posted June 6, 2011

IP Address Strand: 174.129.28
http://www.plotip.com/ip/174.129.28

This IP belongs to Amazon.com, Inc., Seattle, Washington, US!

Cheers,
sweidre

rajesh_chd
Posted June 7, 2011

Thanks everyone for responding. I tried to uninstall Immunet as per the instructions. Here are the outcomes:

1. uninstall.exe: Still hangs at "Cleanup agents", does not uninstall.
2. Uninstall utility: Avira does not allow me to open the downloaded file. Avira recognized this as some backdoor trojan.

ritchie58
Posted June 7, 2011

Some anti-virus software will recognize the Immunet Removal Tool as malware. This is a false positive. If you add the removal tool's .exe file to Avira's exclusion list or just temporarily disable Avira, the uninstaller should work.

Guest Orlando
Posted June 7, 2011

Hi again Rajesh,

First open Services (START --> in the search bar type "services.exe" and press Enter). In Services, stop the Immunet Protect Service, then open your Task Manager (Ctrl+Shift+Esc), search for iptray.exe and agent.exe, and end them. Then run uninstall.exe again.

About the Immunet Protect Removal Tool: as ritchie58 said, it's a false positive, so you can disable your Avira product when you use it.

Orlando

Rob.T
Posted June 7, 2011

Hi Rajesh, try Revo Uninstaller (http://www.revouninstaller.com). I used it to uninstall a corrupted Immunet 2.0.16 installation yesterday and it did a fairly good job:

1) Open an elevated cmd prompt and run "net stop immunetprotect" and "taskkill /IM iptray.exe".
2) Use Revo to uninstall Immunet, rebooting as required. Skip the second step where it tries Immunet's uninstaller (i.e. cancel/close Immunet's uninstaller before proceeding with Revo's step 3).
3) After Revo is done, go to Add/Remove Programs and remove Immunet if it still exists.
4) Open an elevated cmd prompt and run "sc delete immunetprotect". Run "services.msc" and verify the service for Immunet/ClamAV has been deleted.
5) Done, reboot once more and reinstall the latest version of Immunet.

rajesh_chd
Posted June 8, 2011

Thanks for the quick and nice support. I have removed the old installation and am currently downloading the latest version (looks at RobT).

Though I would like to clear my doubts about the UDP packets. I guess, but am not sure, that these UDP packets are accessing Amazon servers for virus signatures. If yes, then I will add rules to my firewall to allow UDP packets to Amazon servers. Can someone please provide a list of IP addresses of Amazon servers?

Thanks once again.

Archived
This topic is now archived and is closed to further replies.