Norton Blocks Portscan, Internet Becomes Extremely Slow

[jonathan142]

About a week ago Norton detected a "downloader" virus during a system scan. I followed the suggested steps to get rid of it (which was just to disable system restore and rescan) and no more viruses were detected. However every few hours Norton will detect a "Portscan" from IP address 64.71.255.198(domain(53)). After this the internet connection becomes extremely slow for maybe half an hour. Lately however, the portscans have ceased yet the internet will still become extremely slow every once in awhile then speed up again.

I've googled this problem and I haven't found anyone with the exact same problem as me. A lot of solutions to do with Norton and portscanning are from a few years ago and mention using a program called Ewido to find hidden trojans or something, but it does not exist anymore. The thing is the internet connection on other computers is fine (using a router) while this happens, so I don't think it's a virus that's just taking up bandwidth, and from my googling the IP address listed is actually Rogers Cable, but I'm a little wary disabling Norton in case someone is trying to gain access to my computer, and it seems unlikely Norton detected a downloader virus right before my connection slowed down by coincidence.

Any suggestions? Thanks.

 

[Brian_tii]

If your cable provider is Rogers... I'd say you have a false positive with Norton and it's blocking legitimate DNS traffic. This is what I got from an nslookup of that adresss.... Norton is fairly good for AV, not exactly good on the IDS / IPS / network traffic side:

Name: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

I'd run an "ipconfig /all" from your command line, verify your DNS server is set to 64.71.255.198, and assuming it is, disable the blocking of that within Norton.

 

[jonathan142]

Well I just found out something strange. According to Rogers over this month we have uploaded 30GB. The thing is none of us use torrents, and usually the monthly upload usage is 1 or 2GB, could this virus be uploading data from my computer?

 

[Brian_tii]

Yeah... I'd say you've got something going on with your computer. I'd recommend a good AV program and / or formatting your machine and reinstalling the OS.

 

[jonathan142]

Hmm I'll try Malwarebytes and update the results, thanks for the help.

 

[jonathan142]

The scan detected a couple registry files from antivirus soft which infected our computer maybe a year ago, I'll see if any more portscans show up.

 

[jonathan142]

No more portscans have showed up, and no more ridiculous 1Gb upload days, however upload usage is still about 1/3 of download which seems higher than normal but I'm not sure. Does this sound normal to you?

 

[Brian_tii]

Eh... I'm really not sure. I've never paid attention to ratios... but seems plausible to me depending on what you're doing.

 

[jonathan142]

Best answer selected by jonathan142.