"I.L.B." сообщил/сообщила в новостях следующее:
...
Hi all ;
I am just experiencing a strange kind of infection I don't know wether is
a
new worm or not, as I never seen it before. The situation is next:
- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I
start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound
packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it !. All of these netstat entries end at some
strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).
I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...
Any ideas? Thanks !!
Scan for spyware programs. Use adaware or spybot for it. Make sure your
antivirus is uptodate. Scan for trojans as well,
www.moosoft.com has a free
scanner. If your router has a build in firewall, use it or download a one of
the many around. Zone Alarm has a free version.
Also see
http://www.pacs-portal.co.uk/startup_content.php to see what
programs are running in Task Manager and what they are.
A good information site on firewall
http://computer.howstuffworks.com/firewall.htm
Ashok S.