ZICLSH, virus or not?
Xref: kermit microsoft.public.windowsxp.security_admin:157844
I have just re-installed XP on my brother's computer to fix some bugs. After the re-install, the internet was very slow (dial-up). I have transferred the computer to my house, where I have ADSL, and my router locks up 1 minute after connecting his machine.

I enabled the firewall log and discovered that the machine was trying to connect to IP addresses as though it is a virus seeking other computers, sequentially checking for open ports on different IP addresses. It is doing this at a rate of about 50 addresses per second. My virus checker reveals nothing... AVG, Norton & E-trust.

I installed E-trust firewall, which asked if I would like to allow ZICLSH.EXE to access the internet at 80.134.66.93 port 3305. As this resembles all the IP addresses the machine has been trying to access, I denied it access to the internet. This cured the problem.

I cannot find ZICLSH.EXE on this computer but found several entries in the registry. The registry entry was linked to Microsoft Windows Java. I have deleted these entries from the registry and after re-boot there are no further problems.

Does anyone know if this is a virus or a program gone wrong, where it could have been picked up from, etc.?

Cheers
Martin

Firewall log example

2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.163.11.70 3015 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.8.156.152 3016 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.110.45.236 3017 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.214.186.48 3018 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.59.76.3 3019 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.161.220.86 3020 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.6.110.169 3021 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.110.251.238 3022 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.212.139.193 3023 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.57.29.20 3024 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.158.174.102 3025 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.7.60.172 3026 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.108.204.126 3027 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.209.93.210 3028 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.54.238.36 3029 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.159.123.105 3030 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.4.13.61 3031 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.105.158.143 3032 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.206.46.226 3033 135 - - - - - - - -
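
Added example, not part of the original post: a Python check that reads log lines in the layout shown above and flags a source that opens connections to many distinct destinations on one port within a short window, which is the pattern in the posted log. The function names, thresholds and sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

def parse_line(line):
    """Return (time, action, proto, src, dst, dport), or None for headers/garbage."""
    f = line.split()
    if line.startswith("#") or len(f) < 8:
        return None
    try:
        ts = datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S")
        return ts, f[2], f[3], f[4], f[5], int(f[7])
    except ValueError:  # bad timestamp, or "-" in the port column (e.g. ICMP)
        return None

def find_fanout(lines, window_s=10, min_targets=15):
    """Map (src, proto, dport) -> peak count of distinct destinations seen in
    any window_s-second window, for keys that reach min_targets (assumed values)."""
    by_key = defaultdict(list)
    for ts, action, proto, src, dst, dport in filter(None, map(parse_line, lines)):
        if action == "OPEN":  # same action as the entries in the post
            by_key[(src, proto, dport)].append((ts, dst))
    hits = {}
    for key, events in by_key.items():
        events.sort()
        live, start = Counter(), 0  # destinations currently inside the window
        for ts, dst in events:
            live[dst] += 1
            while (ts - events[start][0]).total_seconds() > window_s:
                old = events[start][1]
                live[old] -= 1
                if not live[old]:
                    del live[old]
                start += 1
            if len(live) >= min_targets:
                hits[key] = max(hits.get(key, 0), len(live))
    return hits

def constructed_sample():
    """Constructed log: one host sweeping port 135, another doing ordinary web traffic."""
    tail = "- - - - - - - -"
    rows = ["#Fields: constructed header line, skipped by the parser"]
    rows += [f"2004-06-14 09:52:10 OPEN TCP 192.168.0.2 198.51.100.{i} {3015 + i} 135 {tail}"
             for i in range(1, 21)]
    rows += [f"2004-06-14 09:52:{10 + i} OPEN TCP 192.168.0.3 203.0.113.5 {4000 + i} 80 {tail}"
             for i in range(5)]
    return rows

if __name__ == "__main__":
    for (src, proto, dport), n in find_fanout(constructed_sample()).items():
        print(f"{src} reached {n} distinct hosts on {proto}/{dport}")
```

Repeated connections to a single server, like the second host in the sample, stay below the threshold because only distinct destinations are counted.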