On Thu, 30 Dec 2004 09:34:57 UTC, "I.L.B." opined:

Hi all ;

I am just experiencing a strange kind of infection I don't know wether is a
new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I
start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it !. All of these netstat entries end at some strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...

Any ideas? Thanks !!

Perhaps the system is calling home to tell Uncle Bill what you had for
breakfast, or what kind of Pizza you ordered from Domino. A sparrow does not
fall from the sky but Uncle Bill wants to know all about it.

--
Stan Goodman
Qiryat Tiv'on
Israel

All those who believe that the best physicians in France, given two weeks,
can't diagnose what ails a patient - please stand up.