  #3  
December 30th 04, 11:30 AM
bluddihun
Worm never seen before

I just tried the moosoft scanner and it seems to work OK, identifying a
small demonstration app I downloaded from Gibson's Shields Up.
I also really wondered about the ports I found open with netstat, but it
turns out epmap is the 'endpoint mapper', which is a legit process, as is
microsoft-ds (SMB).
svchost is the generic Windows services host process, and multiple instances
are normal.
As to the burst of data outbound, I don't know ...
Good luck.

"I.L.B." wrote in message
...
Hi all ;

I am just experiencing a strange kind of infection; I don't know whether it
is a new worm or not, as I have never seen it before. The situation is as
follows:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session and activate my network connection, I
start to see very heavy traffic on the LEDs of my ADSL hub/router. The
activity light is flickering like crazy... what is happening??
- I check the Status of the connection, and I see dozens of outbound packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it! All of these netstat entries end at some strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started processes of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...

Any ideas? Thanks !!
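
The netstat triage discussed in this thread, as an added example that is not part of either poster's message: listeners on epmap and microsoft-ds are expected, while many half-open SYN_SENT connections to one remote port on many different hosts are the pattern worth flagging. The sample output is constructed (documentation-range IPs), and the function names and the threshold of 5 hosts are assumptions.

```python
import re
from collections import defaultdict

# Service names netstat prints without -n, as named in the thread.
SERVICE_PORTS = {"epmap": 135, "microsoft-ds": 445}
LINE = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+(\S+)\s*$")

# Constructed sample of Windows netstat output, not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address           State
  TCP    0.0.0.0:135            0.0.0.0:0                 LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0                 LISTENING
  TCP    192.168.1.10:3399      203.0.113.5:80            ESTABLISHED
  TCP    192.168.1.10:3400      198.51.100.7:epmap        SYN_SENT
  TCP    192.168.1.10:3401      198.51.100.19:epmap       SYN_SENT
  TCP    192.168.1.10:3402      198.51.100.44:135         SYN_SENT
  TCP    192.168.1.10:3403      198.51.100.61:epmap       SYN_SENT
  TCP    192.168.1.10:3404      198.51.100.88:epmap       SYN_SENT
  TCP    192.168.1.10:3405      198.51.100.130:epmap      SYN_SENT
  TCP    192.168.1.10:3406      203.0.113.9:microsoft-ds  SYN_SENT
"""

def to_port(token):
    """Map a numeric or named port token to an int, or None if unknown."""
    return SERVICE_PORTS.get(token.lower(), int(token) if token.isdigit() else None)

def parse_tcp(text):
    """Yield (local_port, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            _, lport, rhost, rport, state = m.groups()
            yield to_port(lport), rhost, to_port(rport), state

def syn_fanout(text, min_targets=5):
    """Return {remote_port: sorted remote hosts} for ports where at least
    min_targets distinct hosts are stuck in SYN_SENT (threshold is assumed)."""
    targets = defaultdict(set)
    for _, rhost, rport, state in parse_tcp(text):
        if state == "SYN_SENT" and rport is not None:
            targets[rport].add(rhost)
    return {p: sorted(h) for p, h in targets.items() if len(h) >= min_targets}

if __name__ == "__main__":
    for port, hosts in syn_fanout(SAMPLE).items():
        print(f"port {port}: {len(hosts)} hosts in SYN_SENT: {', '.join(hosts)}")
```

On a live machine, feed it the text of `netstat -an` and compare the flagged port against the services the host is actually supposed to contact.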




