
Thanks for excellent free anti virus. I installed it a few months back and it was working fine. Though a few days back I applied a rule to my D-Link router's firewall to block all UDP packets except to the DNS Server. Since then I am receiving these entries in my log

 

Jun  6 15:55:07  |  Drop UDP packet from LAN (src:192.168.1.221:58665, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:55:04  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:55:01  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:54:16  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:54:13  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:54:10  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:54:07  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:53:21  |  Drop UDP packet from LAN (src:192.168.1.221:64958, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:53:18  |  Drop UDP packet from LAN (src:192.168.1.221:64958, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:53:15  |  Drop UDP packet from LAN (src:192.168.1.221:64957, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:53:12  |  Drop UDP packet from LAN (src:192.168.1.221:64957, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:52:27  |  Drop UDP packet from LAN (src:192.168.1.221:53217, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:52:24  |  Drop UDP packet from LAN (src:192.168.1.221:53217, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:52:21  |  Drop UDP packet from LAN (src:192.168.1.221:53216, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:52:18  |  Drop UDP packet from LAN (src:192.168.1.221:53216, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:51:33  |  Drop UDP packet from LAN (src:192.168.1.221:58625, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:51:30  |  Drop UDP packet from LAN (src:192.168.1.221:58625, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:51:27  |  Drop UDP packet from LAN (src:192.168.1.221:58624, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:51:24  |  Drop UDP packet from LAN (src:192.168.1.221:58624, dst:174.129.28.78:32137) by firewall rule.

 

On IP lookup I found that this address belongs to amazon.com. A bit concerned, I used the tcpview utility to see the active connections and found out that agent.exe is sending these packets. I believe agent.exe belongs to Immunet. I want to uninstall Immunet but could not find a link to uninstall. I tried to uninstall it using CCleaner but that hung in between.

 

Now I have 2 questions

 

1. Why do these UDP packets need to go to amazon.com?

2. How to uninstall immunet?

 

Additional information

 

O/S : Windows 7 professional

Immunet version : 2.0.17.48

 

 

Thanks

 

Rajesh
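
An added example, not part of the original post: a Python parser for the router log format shown above that groups the dropped packets by destination and port and flags port-53 traffic addressed to a host other than the resolver the firewall rule allows. The resolver address 192.168.1.1 is an assumed placeholder, since the post does not give it.

```python
import re
from collections import defaultdict

# Drop-record format as it appears in the router log quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\|\s+Drop (?P<proto>\w+) packet from LAN "
    r"\(src:(?P<src>[\d.]+):(?P<sport>\d+), dst:(?P<dst>[\d.]+):(?P<dport>\d+)\)"
)

# Six lines copied from the log in the post, used as sample input.
SAMPLE = """\
Jun  6 15:55:07  |  Drop UDP packet from LAN (src:192.168.1.221:58665, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:55:04  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:55:01  |  Drop UDP packet from LAN (src:192.168.1.221:58664, dst:174.129.28.78:32137) by firewall rule.
Jun  6 15:54:16  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:54:13  |  Drop UDP packet from LAN (src:192.168.1.221:54783, dst:174.129.28.78:53) by firewall rule.
Jun  6 15:54:10  |  Drop UDP packet from LAN (src:192.168.1.221:54782, dst:174.129.28.78:32137) by firewall rule.
"""

def summarize(log_text, allowed_dns):
    """Group drop records by (src, dst, dst port) and describe each flow."""
    flows = defaultdict(lambda: {"packets": 0, "src_ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a drop record
        key = (m["src"], m["dst"], int(m["dport"]))
        flows[key]["packets"] += 1
        flows[key]["src_ports"].add(int(m["sport"]))
    report = []
    for (src, dst, dport), f in sorted(flows.items()):
        report.append({
            "src": src, "dst": dst, "dport": dport,
            "packets": f["packets"],
            "attempts": len(f["src_ports"]),  # one ephemeral port per attempt
            # Port 53 to a host outside the allowed resolver set is still dropped.
            "dns_to_other_host": dport == 53 and dst not in allowed_dns,
        })
    return report

if __name__ == "__main__":
    # 192.168.1.1 is an assumed resolver address, not taken from the post.
    for row in summarize(SAMPLE, allowed_dns={"192.168.1.1"}):
        print(row)
```
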

Guest Orlando

Hi Rajesh,

 

The IP address associated with amazon.com is: 72.21.194.1 (you can find it here), but I can't help you a lot on this point.

 

To remove Immunet, please use the Immunet Protect Removal Tool, and it will do it automatically, or run this: C:\Program Files\Immunet Protect\2.0.17\uninstall.exe

 

If there are any problems, tell me.

 

Orlando


Today Immunet uses Amazon for its infrastructure. That may change in the future. There have been some protocol changes in 3.0.2: http://forum.immunet.com/index.php?/topic/1104-immunet-302-beta-available/

As for uninstall, there is usually a file in C:\Program Files\Immunet Protect\2.0.17\uninstall.exe or the tool that Orlando pointed out.


Thanks everyone for responding. I tried to uninstall Immunet as per instructions. Here are the outcomes

 

1. uninstall.exe : Still hangs at "Cleanup agents", does not uninstall

 

2. Uninstall utility : Avira does not allow me to open the downloaded file. Avira recognized this as some backdoor trojan.


Some anti-virus software will recognize the Immunet Removal Tool as malware. This is a false positive. If you add the removal tool's .exe file to Avira's exclusion list or just temporarily disable Avira, the uninstaller should work.

Guest Orlando

Hi again Rajesh,

 

First open Services (START --> in the search bar type "services.exe" and press Enter). In Services, stop Immunet Protect Service. Then open your Task Manager (Ctrl+Shift+Esc), find iptray.exe and agent.exe, and end them. Then run uninstall.exe again.

 

About Immunet Protect Removal Tool, as ritchie58 said, it's a False Positive, so you can disable your Avira product when you use it.

 

Orlando


Hi Rajesh, try Revo Uninstaller (http://www.revouninstaller.com). I used it to uninstall a corrupted Immunet 2.0.16 installation yesterday and it did a fairly good job:

 

1) Open an elevated cmd prompt and run "net stop immunetprotect" and "taskkill /IM iptray.exe"

2) Use Revo to uninstall immunet, rebooting as required. Skip the second step where it tries Immunet's uninstaller (i.e. cancel/close Immunet's uninstaller before proceeding with Revo's step 3).

3) After revo is done, go to Add/Remove Programs and remove Immunet if it still exists.

4) Open an elevated cmd prompt and run "sc delete immunetprotect". Run "services.msc" and verify the service for Immunet/ClamAV has been deleted.

5) Done, reboot once more and reinstall the latest version of Immunet ;)


Thanks for the quick and nice support. I have removed the old installation and am currently downloading the latest version (looks at RobT :P). Though I would like to clear my doubts about the UDP packets. I guess, but am not sure, that these UDP packets are accessing Amazon servers for virus signatures. If yes, then I will add rules to my firewall to allow UDP packets to Amazon servers. Can someone please provide a list of IP addresses of Amazon servers? Thanks once again.
