PC trying to connect to a huge list of IP addresses. Aye Chihuahua!

From: PinYinYang (pinyinyang_at_yahoo.com)
Date: 05/02/04 

Date: 2 May 2004 09:59:20 -0700

This occured on Win XP Professional.

Network Connections pops up a prompt literally about every 5 seconds
saying "You [or a program] have requested information from
---.---.---.---. Which connection to you want to use?"

Each time the prompt appears, it is attempting to connect to a
different IP address (I haven't seen the same one twice). Of course,
I clicked cancel to each prompt. I started recording a list of the IP
addresses shown, but I got bored after a few more than 100.

I'll make the wild assumption that this computer has been compromised.
 I've found something called TEEKIDS.EXE running on the system and it
looks (from a Google search) like this is some sort of worm.

Now, this is happening on my parent's computer, and they don't use it
for much more than Solitaire and downloading photos of my niece from a
digi-cam, so I'm not too worried. But I would like to make this a
learning experience so that I can know what to do in the future.
Nonetheless, please pray for me that nobody does anything malicious
with photos of my niece or my parent's Solitaire scores!

>From this I have two questions:

(1) Can anyone tell me what is happening on this computer? Is this
list of IP addresses pointing to other infected machines? Or is it
trying randomly to find other machines to infect?

(2) Is there anything -helpful- that I can do with the list of IP
addresses that I've written down? If they are infected machines, for
example, is there any way to alert those machine owners?

I think I'm going to just wipe their machine clean and re-install the
OS from scratch, so you don't (necessarily) have to try to help me
with that kind of advice. Maybe I can even convince them that
Solitaire can be played on Linux too. ;)

Thanks!

Relevant Pages

  • Re: PC trying to connect to a huge list of IP addresses. Aye Chihuahua!
    ... >Network Connections pops up a prompt literally about every 5 seconds ... >with photos of my niece or my parent's Solitaire scores! ... >list of IP addresses pointing to other infected machines? ...
    (comp.security.misc)
  • Spyware, the FBI, and The Failure of ISPs [telecom]
    ... Spyware, the FBI, and The Failure of ISPs ... sniffing to find infected machines and tell the customer in the first ... the miserable botnets that plagues the Internet to figure out how to ...
    (comp.dcom.telecom)
  • SID Issue after Upgrading to AD to W2K3?
    ... A user starts to get the logon prompt when opening Outlook from a computer ... This also seems to generate the following logs in the users System Event log ... Changing the SID of the machines seems to correct the problem, ... We do Ghost machines, however, we use SysPrep. ...
    (microsoft.public.windows.server.general)
  • Re: Website comes up as a blank page
    ... No brand-new machines should be used for browsing or anything else online without having first enabled a firewall, been fully-patched at Windows Update, and installing an AV app and updating its definitions. ... I would think that it was more of a Group Policy issue because the policy settings wouldn't affect Firefox, ... It looks like McAfee's "protections" are disabling scripting, or possibly another security application is. ... dialog to set anything which is currently Enable to Prompt. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • SUMMARY: AlphaSErver 4100 - Not getting user prompt after logging
    ... So first I replaced the network card. ... The System hangs. ... FS from other machines are mounted on this ... > is not getting the prompt on the console. ...
    (Tru64-UNIX-Managers)