Kerio firewall constant incoming connections

[steveryan]

In the last couple of days Kerio (v4) is constantly popping up with the message that can be seen in the enclosed screenshot, the i.p that I have blacked out is mine. It started off with port 2060 and is now on port 2077. Can anybody shed any light as to why this is happening? I'm using a Linksys WAG354G wireless router with WUSB54G wireless network adapter.

[SLK001]

Well, one of the applications you have installed is trying to "phone home". It may be a valid application, or it may be something like a REMOTE ACCESS TROJAN. It would have helped if you had given us the DETAILS>> info.

[TBoneit]

Does the details buton tell you what program? I'd very surprised if you haven't picked up a trojan or some form of malware.

Some come disguised as something else and some install on the sly if you visit the wrong website. You don't have to do anything in some cases except type the url wrong. Example form the past that I did.

www.soundblaster.com leads to the sound card makers website. In a hurry one day I mistyped and left out the l, IOWs soundbaster and ended up on a porn site, one of those that won't go away.

The malware types that are looking to install keyloggers and remote control s/w and such use URLs that are common typing errors of legitimate websites and in some cases they try to mimic the look of the real websiite too.

The other common way for that stuff to get in is kids looking for free games or P2P looking for $ software for free. I had a computer in the shop recently that had a P2P clients download folder that looked chock full of expensive software, until you turn on details for that directory then, son of a gun, most all of that software was under 100k and approx 3 different file sizes. Trying to install that software was what infected the bargain hunting computer user. The Irony is that as well as not getting the "free" software they lost the use of the computer since it was so slow and had to have it repaired.

Another popular way for the malware types to distribute their crud is keygens for $$$$ type software. Once again you're infected.

You probably did something as simple as open an email with a malware payload or mistyped a URL and of course many of the results in search engines will lead to malicious sites. BTW using outlook express with the preview pane means that any email is opened when it is being previewed even if you just hilite it to delete it.

Hopefully you won't end up like one of my customers that had his banks telling him that someone was trying transfer his money. He had to get all new account numbers and credit cards. Hopefully they didn't get enough to steal his Identity too, time will tell.

Anyway good luck.

[steveryan]

Well I did a virus scan and ran Adaware, they found nothing to worry about. So far today though it hasn't happened, so touch wood it won't happen again. Thanks for the advice.

[Poppa_Meth]

Look in Kerio's application settings for kpf4gui and see if incoming connections are blocked. For some reason Kerio itself generates the connections you are seeing. This was causing it to not run full stealth for me. I blocked the incoming connecting, achieved full stealth and never had any issues because of it. In all honesty I'm getting tired of Kerio anyway. Ever since Sunbelt took it over it's headed downhill. Each new version causes more issues than it solves IMO. The last version I used at work wouldn't load at startup. Sunbelt said it was a know issues but never got back to me with a solution.

[fritzi93]

Each new version causes more issues than it solves IMO.

That was my experience as well. And uninstalling it was a pain in the butt. Had to root it out of the registry manually.

You might try Outpost Firewall, been using it for nearly a year now with no complaints. It has the best adblocker I've ever used, BTW.

[guns1inger]

Comodo ( http://www.personalfirewall.comodo.com/ ) is also a very capable, small footprint free firewall.

[steveryan]

I've given Kerio the heave-ho and installed the Comodo firewall. So far, so good. Thanks for the replies.

[fLYtRap]

I have the same thing going in my BlakIce. I just block everything forever and thats it