Re: Is this a virus?
From: Michael (Not-My-Real_Address_at_bigpond.net.au)
Date: 03/11/04
- Previous message: Nils Petter Vaskinn: "Re: Is this a virus?"
- In reply to: Nils Petter Vaskinn: "Re: Is this a virus?"
- Next in thread: Michael: "Re: Is this a virus?"
Date: Thu, 11 Mar 2004 22:57:56 GMT
"Nils Petter Vaskinn" <me@privacy.net> wrote in message
news:pan.2004.03.11.20.19.58.458253@privacy.net...
> On Thu, 11 Mar 2004 02:50:08 +0000, Michael wrote:
>
> > Linux gateway = Redhat
> [snip long horror story]
> > DST=69.2.40.97 3
>
> Can you isolate it on a network with a machine you control, give it a
> response to the lookup and then see what it does? If it's a worm it
> probably wants to send something, and if you can get a capture of it then
> you might be able to figure out what it is.
It is already isolated (blocked from internet access) but does not appear to
want to propagate to the other Windows machines I have. I wish I could get
it to do something that would reveal what program it was.

When I run windump there is so much normal activity for Windows networks
that I cannot tell what is what. The machines are always checking names and
looking to see who is there even if I take the network lead out of the card
on the suspect machine.

A few extra points to note:

I have a Linux machine running a WINS server (under Samba) and incoming VPN
access to the NT machine and several domains listed under the Domain Suffix
Search Order in the TCP/IP properties. I have a similar setup on an XP Pro
machine that does not appear to be affected.
> --
> NPV
>
> What did that old blonde gal say? -- That is the part you throw away.
> Tom Waits - The part you throw away
>
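
Added example, not part of the original message: one way to cut the routine Windows name and browse traffic out of a capture so that only the suspect machine's other connections remain. It assumes numeric text output as produced by `windump -n`; the sample lines, the 192.168.0.x addresses and the port numbers are constructed, and only the 69.2.40.97 destination comes from the thread.

```python
import re
from collections import Counter

# Ports that carry routine Windows chatter: NetBIOS name, datagram and
# session services, SMB over TCP, and WINS replication.
WINDOWS_CHATTER_PORTS = {137, 138, 139, 445, 1512}

# Matches the "src.port > dst.port:" part of a windump/tcpdump text line.
FLOW_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def unusual_flows(lines, suspect_ip):
    """Count (dst, dport) pairs sent by suspect_ip, skipping Windows chatter."""
    flows = Counter()
    for line in lines:
        m = FLOW_RE.search(line)
        if not m or m.group("src") != suspect_ip:
            continue  # unparsable line, or traffic from another host
        sport, dport = int(m.group("sport")), int(m.group("dport"))
        if sport in WINDOWS_CHATTER_PORTS or dport in WINDOWS_CHATTER_PORTS:
            continue  # name lookups, browsing, file sharing
        flows[(m.group("dst"), dport)] += 1
    return flows


# Constructed capture: 192.168.0.20 stands in for the suspect machine,
# 192.168.0.1 for the gateway. Port 80 on 69.2.40.97 is an assumption.
SAMPLE = """\
22:57:01.100000 IP 192.168.0.20.137 > 192.168.0.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:57:01.200000 IP 192.168.0.20.138 > 192.168.0.255.138: NBT UDP PACKET(138)
22:57:02.000000 IP 192.168.0.30.1040 > 192.168.0.1.139: Flags [S], seq 1, win 8192, length 0
22:57:03.000000 IP 192.168.0.20.1031 > 192.168.0.1.53: 4660+ A? name.example. (30)
22:57:04.000000 IP 192.168.0.20.1032 > 69.2.40.97.80: Flags [S], seq 1, win 8192, length 0
22:57:07.000000 IP 192.168.0.20.1032 > 69.2.40.97.80: Flags [S], seq 1, win 8192, length 0
""".splitlines()

if __name__ == "__main__":
    for (dst, dport), n in unusual_flows(SAMPLE, "192.168.0.20").most_common():
        print(f"{n:4d}  {dst}:{dport}")
```

Repeated attempts to the same outside address and port are the entries to follow up, for example by checking on the suspect machine which process owns the source port.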