On Thu, 30 Dec 2004 11:30:28 GMT, "bluddihun"
wrote:

I just tried the moosoft scanner and it seems to work ok, identifying a
small demonstration app I dnloaded from gibson's Shields Up.
I also really wondered about the ports I found open with netstat, but it
turns out epmap is the 'endpoint mapper' that is a legit process, as is
microsoft-ds (smb).
svchost is the generic windows services host process and multiple instances
are normal.

True.
But that does not mean that one (or more) of the svchost
instances are caused by a worm or other malware :-)

(Why write the entire virus when you have Windows available :-)

As to the burst of data outbound, I don't know ...

--
Kind regards,
Gerard Bok