hi guys im having some trouble networking/security. i think it may be a virus but i have no idea. i really just need some guidance on this one, its a new one for me.
ill describe my set up before i pose my problem and questions
i am running a laptop with windows xp and slackware. windows xp is my main os for the moment and is completely updated at almost all times. i do have my documents shared on my LAN, probably my only security risk, but being that im not wireless anymore i dont have to worry about it (i had some wireless security, getting new router with more). i dont use slackware that much so i highly doubt that has anything to do with my problem.
i use avast free edition (i will be subscribing soon) antivirus and update before every scan and it auto updates every 240 mins. i have ZA (free but i may pay) for a firewall, never had any problems with it, its caught everything thats come up. for antspyware i use adaware as a scanner (not real time since its free, will probably subscribe to spyware Dr. after some testing) and microsoft's antispyware as real time. they are both on autoupdate and i update ad-aware before scans. in looking for my problem i started my computer in safe mode with networking last night and did an online scan for viruses from symantic and trend micro's house call. i also used avast and adaware. nothing on any scans except for a few tracker cookies by adaware and an exploit that doesnt really affect me from trend micro.
my router (wireless hardware burnt out, no one can get a signal, hard lines fine though) has a firewall built in and my ISP filters all packets to me that are intended for servers on my ip (supposedly for security, probably just to ensure i pay for a static IP if i wanna serve). i also connect to my schools LAN for classes (comp. sci.), research, print etc. im TA for the IT and i do a lot of work for him so he tells me everything going on in the school. recently he said he thought one of the servers had a virus so that may or may not be related.
real quick on what i use my comp for, Mozilla Thunderbird (gmail) -email (40-50 a day mostly security and computer related emails also some mocktrial) trillian, and hydra irc. lots of word and a lot of music (WMP, need something else) and tons of internet.
i think thats all the info you'll need.
now for my problem and questions
there were multiple blocked attempts (by ZA, in my log which is here ) from my computer trying to connect to other comps on my subnet. must of the attempts are to common ports (139, netbios and 445, SMB over TCP usually shares) and ips that arent shown on my router as being attached. this is obviously a problem. i couldnt find out what program had tried to send the packets. it hasnt continued since then but other problems have arrived. all of these turned out to be unrelated except for one. whenever i plugged into a LAN (yesterday) i couldnt get an ip, my comp would recieve packets fine, but it wasnt sending, so obviously i got no ip, when i told it to repair connection, it said it couldnt because it didnt have an ip. it is fine now (only thing i did was safe mode networking)
so heres my questions,
whats going on?
when looking for an ip, dont i send out broadcast packets looking for a DHCP server?
is that a virus/spyware/malware sending out those packets (and what is flag s?), or have i been hacked :eek: ? (highly, highly doubt its legit. programs)
if i have more questions ill post, i think thats it for now, thanks for reading my rediculously long post (sorry about that).