
196.215.150.100

Discussion in 'BlackHat Lounge' started by richman, Feb 7, 2009.

  1. richman

    richman BANNED BANNED

    Joined:
    Jan 8, 2009
    Messages:
    321
    Likes Received:
    308
    I got this IP number from my Kaspersky antivirus network monitoring.
    This ip recorder send bit every hour

    196.215.150.100

    Can anyone explain to me what this IP actually is?
    Whois Record

    inetnum: 196.212.0.0 - 196.215.255.255
    netname: TIS-20061026
    descr: all abuse queries must be sent to
    descr:
    country: ZA
    admin-c: ZT12-AFRINIC
    tech-c: ZT12-AFRINIC
    status: ASSIGNED PA
    mnt-by: AFRINIC-HM-MNT
    remarks: all abuse queries must be sent to
    remarks:
    source: AFRINIC # Filtered
    parent: 196.0.0.0 - 196.255.255.255

    person: IS Hostmaster
    address: The Campus, 57 Sloane Street
    address: Bryanston
    address: Johannesburg
    address: Gauteng
    address: 2021
    phone: +27(11) 5750550
    fax-no: +27(11) 5760550
    e-mail:
    org: ORG-TIS1-AFRINIC
    nic-hdl: ZT12-AFRINIC
    source: AFRINIC # Filtered

     
  2. smileplease

    smileplease Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    242
    Likes Received:
    159
    infected with a botnet.

    if i'm right.
     
  3. toyo

    toyo BANNED BANNED

    Joined:
    Dec 20, 2008
    Messages:
    1,012
    Likes Received:
    498
    your computer is just calling home every now and then... not much of a problem, most of us depend on botnets for proxies, so you're just doing your part right now :p
     
  4. richman

    richman BANNED BANNED

    Joined:
    Jan 8, 2009
    Messages:
    321
    Likes Received:
    308
    what must I do ?
     
  5. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    Code:
    www.comodo.com
    = Free firewall and anti virus 4 life... That's one of the apps I use.
     
  6. richman

    richman BANNED BANNED

    Joined:
    Jan 8, 2009
    Messages:
    321
    Likes Received:
    308
    What is a botnet's effect?
    Is it very dangerous?
     
  7. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Can be used for a lot of things, DoS attacks, spambots, click fraud, spamdexing, and of course, good ol' identity theft. Yes it can be very dangerous.
     
  8. trifo13

    trifo13 Newbie

    Joined:
    Jan 31, 2009
    Messages:
    18
    Likes Received:
    6
    Yes, it's very dangerous... ur computer can be used as a mule and they can use ur IP to hack/card and do other bad things, also they can steal all of your information.
    I think, if it's a good bot, the best way to remove it is to unplug the network, format and install a fresh OS.
    Regards.
     
  9. leonidt

    leonidt Regular Member

    Joined:
    Oct 11, 2008
    Messages:
    235
    Likes Received:
    210
    Yes. Format. Now. Your PC is calling its master.
     
  10. richman

    richman BANNED BANNED

    Joined:
    Jan 8, 2009
    Messages:
    321
    Likes Received:
    308
    I formatted my last Windows OS, but still found IP 196.215.105.100

    Can anyone explain this to me?
     
  11. mr4army

    mr4army Regular Member

    Joined:
    Nov 23, 2008
    Messages:
    459
    Likes Received:
    80
    You probably spread it to other computers connected to your network. Do you have more in your network?
     
  12. 4alllifestyles

    4alllifestyles Junior Member

    Joined:
    Dec 3, 2008
    Messages:
    170
    Likes Received:
    98
    UDP Port 137 is Netbios Name Service...

    196.215.105.100 is South Africa

    I would run two or three different antivirus systems and clean all you can.

    Then do a Hardware Format of your hard disk with the HD manufacturer's downloadable tools. Might even do that twice. Wipe it totally clean (boot tracks, everything).

    Then load the OS and Apps from the ORIGINAL CDs

    Then load clam anti-virus AND Comodo or AVG

    And finally only bring over data from your backups that you can't live without. And only after you've used BOTH clam anti-virus AND Comodo or AVG to scan and make sure they're clean before bringing it over (and only if it's clean).

    Yeah, I know it's a pain. But worth it if you're botted.
     
  13. smileplease

    smileplease Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    242
    Likes Received:
    159
    Format it.
    Install a clean windows xp.

    DO NOT INSTALL ANY PIRATED PROGRAMS
     
  14. richman

    richman BANNED BANNED

    Joined:
    Jan 8, 2009
    Messages:
    321
    Likes Received:
    308
    I just formatted it with a new OS, but still get this trojan/virus

    what antivirus can delete this ????
     
  15. smileplease

    smileplease Regular Member

    Joined:
    Sep 29, 2008
    Messages:
    242
    Likes Received:
    159
    did you buy the OS from the store?
     
  16. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    Carefully and slowly follow the directions on this site:
    This is a great guide for removing malware.
     
  17. richman

    richman BANNED BANNED

    Joined:
    Jan 8, 2009
    Messages:
    321
    Likes Received:
    308
    Thanks
     
  18. toyo

    toyo BANNED BANNED

    Joined:
    Dec 20, 2008
    Messages:
    1,012
    Likes Received:
    498
    nah.. it's a rootkit.. i had it..

    the only thing that worked for me is installing a different version of windows

    time to look at vista
     
  19. cooooookies

    cooooookies Senior Member

    Joined:
    Oct 6, 2008
    Messages:
    1,008
    Likes Received:
    216
    stop stop stop. What BS in the comments above? If you reinstall your OS freshly, this is completely sufficient and you don't have to scratch your harddisk with a screwdriver, provided that you did not reinstall your favorite blackhat tool from this forum's download section.

    Check first if you have only incoming connections or also outgoing. In the first case, just set up your firewall correctly. Only when you have outgoing connections to that IP do you actually have to care.

    Well this is just my first assumption, but you should give more details here (other computers in your net, directly connected to the internet or via a dsl-router, etc etc).
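
    The inbound-versus-outbound check suggested in the post above, as an added example that is not part of the original thread: it sorts firewall log records involving one remote address by direction. The log lines are constructed samples in a Windows Firewall style field layout, and the local address 192.168.1.10 and the function names are assumptions.

```python
from collections import Counter

# Constructed sample log (not taken from the thread). The #Fields header
# names the columns, so the parser does not hard-code their order.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2009-02-07 10:00:01 DROP UDP 196.215.150.100 192.168.1.10 1026 137
2009-02-07 11:00:02 DROP UDP 196.215.150.100 192.168.1.10 1026 137
2009-02-07 11:05:40 ALLOW TCP 192.168.1.10 203.0.113.7 1045 80
2009-02-07 12:00:01 DROP UDP 196.215.150.100 192.168.1.10 1026 137
"""


def classify(log_text, remote_ip, local_ips):
    """Count records exchanged with remote_ip, keyed by
    (direction, action, protocol, destination port)."""
    fields = []
    counts = Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        src, dst = rec.get("src-ip"), rec.get("dst-ip")
        if src == remote_ip and dst in local_ips:
            direction = "inbound"
        elif dst == remote_ip and src in local_ips:
            direction = "outbound"
        else:
            continue  # record does not involve the address under review
        key = (direction, rec.get("action"), rec.get("protocol"),
               rec.get("dst-port"))
        counts[key] += 1
    return counts


def verdict(counts):
    """Apply the rule from the post: only outbound traffic is a concern."""
    if any(key[0] == "outbound" for key in counts):
        return "outbound traffic seen: investigate this host"
    if counts:
        return "inbound only: unsolicited probes, keep the firewall blocking"
    return "no traffic with this address"


if __name__ == "__main__":
    result = classify(SAMPLE_LOG, "196.215.150.100", {"192.168.1.10"})
    for key, n in sorted(result.items()):
        print(n, *key)
    print(verdict(result))
```

    An outbound record can also be a reply to an inbound probe, so compare the local source port and timing before treating it as the host initiating contact.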
     
  20. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    How about installing some of these black hat programs in a virtualized environment and behind a firewall? Does anybody think that this would be safer?