
finding ip


I am trying to get an IP address from scammers who call every day stating my computer is infected. I've downloaded Wireshark and it is running, I just don't know what to look for. Fairly good with my computer, but this not so much. PLEASE HELP ME

                                   Terry Philipp 252-636-0186

asked 20 Sep '16, 13:23


philimatt

How exactly are they calling, by phone or by popping up a message on your computer's screen?

  • to scare you with "your computer is infected" by phone, one doesn't need to access your computer at all, it is enough to know your phone number and bet on the statistics saying that you are one of the 95 % of households which have one.

  • to scare you with "your computer is infected" by a popup message if your web browser is not running, one needs to infect your computer in advance, either to make it display the popup messages autonomously or to open a backdoor allowing him to send your computer an instruction to display the message. Even in the latter case, it would most likely be your computer which would open a connection to the controlling server, not vice versa, as most computers are protected by security devices or software, preventing network requests coming from the network from being let in.

  • to scare you with "your computer is infected" by a popup message when your web browser is running and you access a certain web page, it is enough to infect that web page so that it would ask your browser to open these popup windows (just like many aggressive advertising services do)

Also, what do the people ask you to do - do they want you to stop spamming them or do they want you to buy an anti-virus software / computer maintenance service from them?

I'm asking this because another possibility would be that your computer actually is infected, and the people who call you want you to stop spamming them after they've seen that the spam comes from your IP address. So if they offer to sell you something, they are just playing on your fear; if they want you to do something about your computer annoying them, they are most likely right and there's something wrong with your computer. And this last case can be confirmed using Wireshark most easily - if it shows you that your PC opens TCP sessions to SMTP servers you've never heard about, or attempts to open TCP sessions to various well-known ports like Telnet, SSH, http, https, ..., of many different IP addresses even if you run just your web browser and open a single page in it, then there is some alien living in your computer and you really do have to do something about it.

(20 Sep '16, 14:01) sindy
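
The check described in the comment above, as an added example that is not part of the original thread: it scans a list of outbound TCP connection attempts and reports SMTP peers the user does not recognise, plus any well-known port contacted on many different addresses. The input format (tab-separated source IP, destination IP, destination port, one row per TCP SYN exported from a capture), the sample rows, the known mail server and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict

LOCAL = "192.168.1.10"  # assumption: the PC being checked
# Constructed sample rows: source IP, destination IP, destination port.
SAMPLE = "\n".join(
    [
        f"{LOCAL}\t203.0.113.80\t443",   # ordinary browsing
        f"{LOCAL}\t203.0.113.25\t25",    # the user's own mail provider
        f"{LOCAL}\t198.51.100.7\t25",    # SMTP server never heard about
        f"{LOCAL}\t198.51.100.8\t25",
        f"203.0.113.80\t{LOCAL}\t51514", # not sent by the PC, ignored
        "malformed row",
    ]
    + [f"{LOCAL}\t192.0.2.{i}\t23" for i in range(1, 7)]  # Telnet to 6 hosts
)

WELL_KNOWN = {22: "SSH", 23: "Telnet", 25: "SMTP", 80: "http", 443: "https"}
KNOWN_MAIL_SERVERS = {"203.0.113.25"}  # assumption: servers the user expects
FANOUT_THRESHOLD = 5  # assumption: distinct peers on one port that look odd


def analyse(rows, local_ip):
    """Return (unknown_smtp_peers, fanout) for connections opened by local_ip."""
    peers = defaultdict(set)  # destination port -> set of destination IPs
    for line in rows.splitlines():
        parts = line.strip().split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip blank or malformed rows
        src, dst, port = parts[0], parts[1], int(parts[2])
        if src == local_ip and port in WELL_KNOWN:
            peers[port].add(dst)
    # SMTP sessions to servers the user does not recognise.
    unknown_smtp = sorted(peers[25] - KNOWN_MAIL_SERVERS)
    # Well-known ports contacted on many different addresses.
    fanout = {WELL_KNOWN[p]: len(d) for p, d in peers.items()
              if len(d) >= FANOUT_THRESHOLD}
    return unknown_smtp, fanout


if __name__ == "__main__":
    smtp, fanout = analyse(SAMPLE, LOCAL)
    print("Unrecognised SMTP servers contacted:", smtp)
    print("Ports contacted on many different hosts:", fanout)
```

A clean result while only a browser with a single page is open is what a healthy PC should produce; the threshold needs raising if normal browsing on the machine legitimately reaches many https hosts.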