Am I under attack? trojans n stuff

From: tarquinlinbin (fleagle_at_myrealbox.com)
Date: 03/30/04

    Date: Tue, 30 Mar 2004 09:17:19 +0100
    
    

    I seem to have had a problem on and off for a while.

    I keep getting running processes which seem to engage the CPU 100% and
    slow down my PC.

    I use XP Pro, have a Netgear router, Norton Internet Security, etc.

    So far I have spotted cmd.exe running in running processes on occasion
    and taking 100% CPU. I have recently spotted system running at near
    100%, and yet there appears to be no internet traffic flowing
    (broadband).

    I ran some software to check TCP ports and at the time, the following
    was noted..

    alg.exe:1084 TCP a:3001 a:0 LISTENING
    ccApp.exe:1612 TCP a:3008 a:0 LISTENING
    CCPXYSVC.EXE:1100 TCP a:1027 a:0 LISTENING
    lsass.exe:436 UDP a:isakmp *:*
    svchost.exe:592 TCP a:epmap a:0 LISTENING
    svchost.exe:616 TCP a:1025 a:0 LISTENING
    svchost.exe:616 TCP a:3002 a:0 LISTENING
    svchost.exe:616 TCP a:3003 a:0 LISTENING
    svchost.exe:616 UDP a:ntp *:*
    svchost.exe:616 UDP a:2234 *:*
    svchost.exe:616 UDP a:ntp *:*
    svchost.exe:616 UDP a:2234 *:*
    svchost.exe:688 UDP a:3007 *:*
    svchost.exe:700 TCP a:5000 a:0 LISTENING
    svchost.exe:700 UDP a:1900 *:*
    svchost.exe:700 UDP a:1900 *:*
    System:4 TCP a:microsoft-ds a:0 LISTENING
    System:4 TCP a:1028 a:0 LISTENING
    System:4 TCP a:netbios-ssn a:0 LISTENING
    System:4 UDP a:microsoft-ds *:*
    System:4 UDP a:netbios-ns *:*
    System:4 UDP a:netbios-dgm *:*

    Recently NIS reported that oraini.exe wanted to make an internet
    connection and flagged it as high risk, so I blocked it. I also noted
    that in NIS statistics an apparent connect attempt was made (in or
    out, I don't know, but I didn't type the address in a browser!!) to
    194.226.151.186 which is apparently the Siberian tourist board website
    or something!!

    I have all the latest Windows updates apart from SP1. I also have
    trojan scanner software which doesn't detect anything.
    My research tells me something about redbrook-broker on ports 3001-
    and I note that 3001 is in my list.

    I seem to have plenty of security in place but I don't feel that secure
    and I feel that something is going on or something is at least trying
    to do something and failing because of security..

    Any clues/thoughts please??
    joe

