#1 (permalink)

Registered User
Join Date: Sep 2004
Posts: 2
OS: XP Pro Sp2

Anyways.

I have two boxes on my network that are slowing it down BAD, filling up my router's masq table quick. One box had a program running, termserv.exe, sending packets to random IPs on port 113. Another box had a program running, ntfs16.exe, sending packets to random IPs on port 443. Here's a clip of my masq table last night (notice the short timeouts :) ):

```
tcp 00:47.79 192.168.1.11 192.168.14.125 3633 (62776) -> 113
tcp 00:38.72 192.168.1.11 192.168.105.207 3372 (62520) -> 113
tcp 00:29.92 192.168.1.11 192.168.171.184 3117 (62264) -> 113
tcp 00:20.07 192.168.1.11 192.168.19.201 4719 (62008) -> 113
tcp 00:11.22 192.168.1.11 192.168.122.49 4459 (61752) -> 113
tcp 00:01.37 192.168.1.11 192.168.87.84 4199 (61496) -> 113
tcp 00:57.42 192.168.1.11 192.168.243.8 3890 (63031) -> 113
```

and the WHOLE table was filled like that. Can anyone ID either of these? Look familiar to anyone? I can't find any info on either of these. I found the remadmin virus (start termserv.exe) but couldn't find any other traces of it other than the termserv.exe. Any help would be appreciated. thanks
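Added example, not part of the original post: a small Python check that parses masq table entries in the layout quoted above and flags any internal host reaching many distinct destinations on a single port, the pattern the poster describes. The field meanings, the function names and the threshold of 5 are assumptions made for this example.

```python
import re
from collections import defaultdict

# Assumed field order, read off the lines in the post:
# proto, timeout, source IP, destination IP, source port, (masq port) -> dest port
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ENTRY = re.compile(
    r"\b(?P<proto>tcp|udp)\s+(?P<timeout>\d+:\d+\.\d+)\s+"
    rf"(?P<src>{IP})\s+(?P<dst>{IP})\s+"
    r"(?P<sport>\d+)\s+\((?P<mport>\d+)\)\s+->\s+(?P<dport>\d+)"
)

# The first seven entries are the ones quoted in the post. The last two are
# constructed here to represent ordinary traffic from a second host.
SAMPLE = """\
tcp 00:47.79 192.168.1.11 192.168.14.125 3633 (62776) -> 113
tcp 00:38.72 192.168.1.11 192.168.105.207 3372 (62520) -> 113
tcp 00:29.92 192.168.1.11 192.168.171.184 3117 (62264) -> 113
tcp 00:20.07 192.168.1.11 192.168.19.201 4719 (62008) -> 113
tcp 00:11.22 192.168.1.11 192.168.122.49 4459 (61752) -> 113
tcp 00:01.37 192.168.1.11 192.168.87.84 4199 (61496) -> 113
tcp 00:57.42 192.168.1.11 192.168.243.8 3890 (63031) -> 113
tcp 14:12.03 192.168.1.20 192.168.200.10 1045 (61001) -> 80
tcp 14:30.55 192.168.1.20 192.168.200.10 1046 (61002) -> 80
"""


def parse(text):
    """Return one dict per masq entry; also works on a dump pasted as one line."""
    return [m.groupdict() for m in ENTRY.finditer(text)]


def fan_out(entries, min_destinations=5):
    """Map (source, proto, dest port) to its distinct-destination count when
    that count reaches min_destinations (an assumed threshold)."""
    seen = defaultdict(set)
    for e in entries:
        seen[(e["src"], e["proto"], int(e["dport"]))].add(e["dst"])
    return {k: len(v) for k, v in seen.items() if len(v) >= min_destinations}


if __name__ == "__main__":
    for (src, proto, dport), n in sorted(fan_out(parse(SAMPLE)).items()):
        print(f"{src}: {n} distinct destinations on {proto}/{dport}")
```

Run against a full table dump, the flagged source addresses identify which machines to isolate and scan first.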
#2 (permalink)

Registered User
Join Date: Sep 2004
Posts: 2
OS: XP Pro Sp2

k, follow-up to my own message (for anyone's future reference :) )

ntfs16.exe is a part of an RBOT variant. Here's the link: http://www.trendmicro.com/vinfo/viru...BOT.QB&VSect=T

still trying to find the other one
#3 (permalink)

Analyst, Security Team

Let's see if there is spyware also.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.