Go to http://www.sysinternals.com and download tcpview
and process explorer.If you run
"I.L.B." wrote in message
...
Hi all ;

I am just experiencing a strange kind of infection I don't know wether is
a
new worm or not, as I never seen it before. The situation is next:

- I am running a computer with both Win98 and XP installed.
- My Win98 session works OK
- When I start an XP session, and I do activate my network connection... I
start to see a very heavy traffic on the LEDs of my hub/router ADSL. The
activity light is flickering like crazy... what happens??
- I check the Status of the connection, and I see dozens of outbound
packets
per second, and almost nothing incoming. Strange...
- I run NETSTAT to see what it happens. I see a LOT of outbound TCP
connections as "SYN_SENT" from a series of ports from 3400 to 3600 and so
on... no way to stop it !. All of these netstat entries end at some
strange
IPs at EPMAP port.
- I run TaskManager, and I see a lot of started process of "SVCHOST" and
"IEEXPLORE" (about 5 or 6 instances of each one started).

I just checked for Sasser, Welchia worms, but the tools said I don't have
these worms on my computer...

Any ideas? Thanks !!