This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

How can I block hacker's IP?

Question
0

Sign in to vote
I was scammed and I thought those scammers were really from Microsoft so I let them remotely connected to my computer. I don’t know what they installed on it.

After I realized that it was a scam, I reset my computer, cleaned all the drives and reinstalled Windows 10. I thought whatever virus I had should have gone away.

But I typed in “netstat -ano” in command prompt, and I still see this:

Proto Local Address Foreign Address State PID
TCP 192.168.1.9:49792 111.221.29.253:443 ESTABLISHED 6752
TCP 192.168.1.9:49793 111.221.29.254:443 ESTABLISHED 6752

I looked up the PID in Task Manager, it is DiagTrack service which is like a key logger right? And the IP that’s connected to it: 111.221.29.254 has been reported 8 times in AbuseIpDb.com.

I don’t know why after I totally reset my computer, this IP is still connected to me.

I thought about blocking this IP by modifying host file.

I used “nslookup 111.221.29.254” but couldn’t find the hostname for this ip.

Server: NF4V.Home
Address: 192.168.1.1

NF4V.Home can't find 111.221.29.254: Non-existent domain

Is there anyway I can block this IP from connecting to my computer?

Is there anyway I can block this IP from my router?
Saturday, June 3, 2017 9:46 AM

All replies

0

Sign in to vote
Hello,

You can use Windows Firewall to block the connection from your computer to the IP address.

You can open the firewall configuration from Control Panel\System and Security\Windows Firewall, and then open Advanced settings.

You should add a new outbound rule, which can deny the connections to IP 111.221.29.254.

Best regards,
Andy Liu
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by Andy Liu50Microsoft contingent staff Tuesday, June 13, 2017 7:17 AM
Monday, June 5, 2017 8:24 AM