
Udp Packets



Thanks for the excellent free antivirus. I installed it a few months back and it was working fine. A few days back, though, I applied a rule to my D-Link router's firewall to block all UDP packets except to the DNS server. Since then I have been receiving these entries in my log:

 

Jun  6 15:55:07  |  Drop UDP packet from LAN (src:192.168.1.221:58665, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:55:04  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:55:01  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:54:16  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:54:13  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:54:10  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:54:07  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:53:21  |  Drop UDP packet from LAN (src:192.168.1.221:64958, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:53:18  |  Drop UDP packet from LAN (src:192.168.1.221:64958, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:53:15  |  Drop UDP packet from LAN (src:192.168.1.221:64957, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:53:12  |  Drop UDP packet from LAN (src:192.168.1.221:64957, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:52:27  |  Drop UDP packet from LAN (src:192.168.1.221:53217, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:52:24  |  Drop UDP packet from LAN (src:192.168.1.221:53217, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:52:21  |  Drop UDP packet from LAN (src:192.168.1.221:53216, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:52:18  |  Drop UDP packet from LAN (src:192.168.1.221:53216, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:51:33  |  Drop UDP packet from LAN (src:192.168.1.221:58625, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:51:30  |  Drop UDP packet from LAN (src:192.168.1.221:58625, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:51:27  |  Drop UDP packet from LAN (src:192.168.1.221:58624, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:51:24  |  Drop UDP packet from LAN (src:192.168.1.221:58624, dst:174.129.28.78:32137) by firewall rule.

 

On IP lookup I found that this address belongs to amazon.com. A bit concerned, I used the TCPView utility to see the active connections and found out that agent.exe is sending these packets. I believe agent.exe belongs to Immunet. I want to uninstall Immunet but could not find a link to uninstall it. I tried to uninstall it using CCleaner, but that hung partway through.

 

Now I have 2 questions

 

1. Why do these UDP packets need to go to amazon.com?

2. How do I uninstall Immunet?

 

Additional information

 

O/S : Windows 7 professional

Immunet version : 2.0.17.48

 

 

Thanks

 

Rajesh
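An added example, not part of the original post or of Immunet's code: grouping the router's drop entries by destination and port makes the pattern in the log above easier to read (two flows to one host, each resent after being dropped). The first seven sample lines are copied from the post; the last one is constructed, and the function names and the resend heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Drop-entry format as it appears in the router log quoted in the post.
DROP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\|\s+"
    r"Drop UDP packet from LAN \(src:(?P<src>[\d.]+):(?P<sport>\d+), "
    r"dst:(?P<dst>[\d.]+):(?P<dport>\d+)\) by firewall rule\.$"
)

SAMPLE_LOG = "\n".join([
    # First seven entries copied from the log in the post.
    "Jun  6 15:55:07  |  Drop UDP packet from LAN (src:192.168.1.221:58665, dst:174.129.28.78:53) by firewall rule.",
    "Jun  6 15:55:04  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.",
    "Jun  6 15:55:01  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.",
    "Jun  6 15:54:16  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.",
    "Jun  6 15:54:13  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.",
    "Jun  6 15:54:10  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.",
    "Jun  6 15:54:07  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.",
    # Constructed line (not from the post) to exercise the unparsed path.
    "Jun  6 15:53:30  |  example entry in another format",
])

def summarize_drops(log_text):
    """Group drop entries by (source IP, destination IP, destination port)."""
    flows = defaultdict(lambda: {"packets": 0, "src_ports": set()})
    unparsed = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DROP_RE.match(line)
        if m is None:
            unparsed.append(line)  # kept so a changed log format is noticed
            continue
        flow = flows[(m["src"], m["dst"], int(m["dport"]))]
        flow["packets"] += 1
        flow["src_ports"].add(int(m["sport"]))
    return dict(flows), unparsed

def resends(flow):
    # Heuristic (assumption): a repeated source port is a resend of one request.
    return flow["packets"] - len(flow["src_ports"])

if __name__ == "__main__":
    flows, unparsed = summarize_drops(SAMPLE_LOG)
    for (src, dst, dport), f in sorted(flows.items()):
        print(f"{src} -> {dst}:{dport}/udp packets={f['packets']} "
              f"requests={len(f['src_ports'])} resends={resends(f)}")
    print(f"unparsed lines: {len(unparsed)}")
```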


Guest Orlando

Hi Rajesh,

 

The IP address associated with amazon.com is: 72.21.194.1 (you can find it here), but I can't help you a lot on this point.

 

To remove Immunet, please use the Immunet Protect Removal Tool, which will do it automatically, or run C:\Program Files\Immunet Protect\2.0.17\uninstall.exe

 

If there are any problems, tell me.

 

Orlando


Today Immunet uses Amazon for its infrastructure. That may change in the future. There have been some protocol changes in 3.0.2: http://forum.immunet.com/index.php?/topic/1104-immunet-302-beta-available/

As for uninstall, there is usually a file in C:\Program Files\Immunet Protect\2.0.17\uninstall.exe or the tool that Orlando pointed out.


Thanks everyone for responding. I tried to uninstall Immunet as per the instructions. Here are the outcomes:

 

1. uninstall.exe : Still hangs at "Cleanup agents", does not uninstall

 

2. Uninstall utility : Avira does not allow me to open the downloaded file. Avira recognized this as some backdoor trojan.


Guest Orlando

Hi again Rajesh,

 

First open Services (START --> type "services.exe" in the search bar and press Enter) and stop the Immunet Protect Service. Then open your Task Manager (Ctrl+Shift+Esc), find iptray.exe and agent.exe, and end them. Then run uninstall.exe again.

 

About Immunet Protect Removal Tool, as ritchie58 said, it's a False Positive, so you can disable your Avira product when you use it.

 

Orlando


Hi Rajesh, try Revo Uninstaller (http://www.revouninstaller.com). I used it to uninstall a corrupted Immunet 2.0.16 installation yesterday and it did a fairly good job:

 

1) Open an elevated cmd prompt and run "net stop immunetprotect" and "taskkill /IM iptray.exe"

2) Use Revo to uninstall Immunet, rebooting as required. Skip the second step where it tries Immunet's uninstaller (i.e. cancel/close Immunet's uninstaller before proceeding with Revo's step 3).

3) After Revo is done, go to Add/Remove Programs and remove Immunet if it still exists.

4) Open an elevated cmd prompt and run "sc delete immunetprotect". Run "services.msc" and verify the service for Immunet/ClamAV has been deleted.

5) Done, reboot once more and reinstall the latest version of Immunet ;)


Thanks for the quick and nice support. I have removed the old installation and am currently downloading the latest version (looks at RobT :P). Though I would like to clear up my doubts about the UDP packets. I guess, but am not sure, that these UDP packets are accessing Amazon servers for virus signatures. If yes, then I will add rules to my firewall to allow UDP packets to Amazon servers. Can someone please provide a list of IP addresses of Amazon servers? Thanks once again.


Archived

This topic is now archived and is closed to further replies.
