locked
How can I block hacker's IP? RRS feed

  • Question

  • I was scammed and I thought those scammers were really from Microsoft so I let them remotely connected to my computer. I don’t know what they installed on it. 

    After I realized that it was a scam, I reset my computer, cleaned all the drives and reinstalled Windows 10. I thought whatever virus I had should have gone away. 

    But I typed in “netstat -ano” in command prompt, and I still see this: 

    Proto     Local Address       Foreign Address         State          PID 
    TCP 192.168.1.9:49792 111.221.29.253:443 ESTABLISHED 6752 
    TCP 192.168.1.9:49793 111.221.29.254:443 ESTABLISHED 6752 

    I looked up the PID in Task Manager, it is DiagTrack service which is like a key logger right? And the IP that’s connected to it: 111.221.29.254 has been reported 8 times in AbuseIpDb.com. 

    I don’t know why after I totally reset my computer, this IP is still connected to me. 

    I thought about blocking this IP by modifying host file. 

    I used “nslookup 111.221.29.254” but couldn’t find the hostname for this ip. 

    Server: NF4V.Home 
    Address: 192.168.1.1
        • NF4V.Home can't find 111.221.29.254: Non-existent domain

    Is there anyway I can block this IP from connecting to my computer? 

    Is there anyway I can block this IP from my router?
    Saturday, June 3, 2017 9:46 AM

All replies

  • Hello,

    You can use Windows Firewall to block the connection from your computer to the IP address.

    You can open the firewall configuration from Control Panel\System and Security\Windows Firewall, and then open Advanced settings.

    You should add a new outbound rule, which can deny the connections to IP 111.221.29.254.

    Best regards,
    Andy Liu

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 5, 2017 8:24 AM