About a week ago Norton detected a "downloader" virus during a system scan. I followed the suggested steps to get rid of it (which was just to disable system restore and rescan) and no more viruses were detected. However every few hours Norton will detect a "Portscan" from IP address 18.104.22.168(domain(53)). After this the internet connection becomes extremely slow for maybe half an hour. Lately however, the portscans have ceased yet the internet will still become extremely slow every once in awhile then speed up again.
I've googled this problem and I haven't found anyone with the exact same problem as me. A lot of solutions to do with Norton and portscanning are from a few years ago and mention using a program called Ewido to find hidden trojans or something, but it does not exist anymore. The thing is the internet connection on other computers is fine (using a router) while this happens, so I don't think it's a virus that's just taking up bandwidth, and from my googling the IP address listed is actually Rogers Cable, but I'm a little wary disabling Norton in case someone is trying to gain access to my computer, and it seems unlikely Norton detected a downloader virus right before my connection slowed down by coincidence.
If your cable provider is Rogers... I'd say you have a false positive with Norton and it's blocking legitimate DNS traffic. This is what I got from an nslookup of that adresss.... Norton is fairly good for AV, not exactly good on the IDS / IPS / network traffic side:
Well I just found out something strange. According to Rogers over this month we have uploaded 30GB. The thing is none of us use torrents, and usually the monthly upload usage is 1 or 2GB, could this virus be uploading data from my computer?
No more portscans have showed up, and no more ridiculous 1Gb upload days, however upload usage is still about 1/3 of download which seems higher than normal but I'm not sure. Does this sound normal to you?