Re: PC trying to connect to a huge list of IP addresses. Aye Chihuahua!

chris_at_nospam.com
Date: 05/02/04 

Date: Sun, 02 May 2004 19:07:40 GMT

On 2 May 2004 09:59:20 -0700, pinyinyang@yahoo.com (PinYinYang) wrote:

>This occured on Win XP Professional.
>
>Network Connections pops up a prompt literally about every 5 seconds
>saying "You [or a program] have requested information from
>---.---.---.---. Which connection to you want to use?"
>
>Each time the prompt appears, it is attempting to connect to a
>different IP address (I haven't seen the same one twice). Of course,
>I clicked cancel to each prompt. I started recording a list of the IP
>addresses shown, but I got bored after a few more than 100.
>
>I'll make the wild assumption that this computer has been compromised.
> I've found something called TEEKIDS.EXE running on the system and it
>looks (from a Google search) like this is some sort of worm.
>
>Now, this is happening on my parent's computer, and they don't use it
>for much more than Solitaire and downloading photos of my niece from a
>digi-cam, so I'm not too worried. But I would like to make this a
>learning experience so that I can know what to do in the future.
>Nonetheless, please pray for me that nobody does anything malicious
>with photos of my niece or my parent's Solitaire scores!
>
>>From this I have two questions:
>
>(1) Can anyone tell me what is happening on this computer? Is this
>list of IP addresses pointing to other infected machines? Or is it
>trying randomly to find other machines to infect?

Yes, it's trying to infect othre computers.

>(2) Is there anything -helpful- that I can do with the list of IP
>addresses that I've written down? If they are infected machines, for
>example, is there any way to alert those machine owners?

Not really.

>I think I'm going to just wipe their machine clean and re-install the
>OS from scratch, so you don't (necessarily) have to try to help me
>with that kind of advice. Maybe I can even convince them that
>Solitaire can be played on Linux too. ;)

Definitely nuke the machine. Depending on the OS you finally decide
on, make sure it's got antivirus configured to automatically update,
all the OS patches are installed, and that the firewall is setup.

-Chris

Relevant Pages

  • PC trying to connect to a huge list of IP addresses. Aye Chihuahua!
    ... Network Connections pops up a prompt literally about every 5 seconds ... with photos of my niece or my parent's Solitaire scores! ... list of IP addresses pointing to other infected machines? ...
    (comp.security.misc)
  • Spyware, the FBI, and The Failure of ISPs [telecom]
    ... Spyware, the FBI, and The Failure of ISPs ... sniffing to find infected machines and tell the customer in the first ... the miserable botnets that plagues the Internet to figure out how to ...
    (comp.dcom.telecom)
  • SID Issue after Upgrading to AD to W2K3?
    ... A user starts to get the logon prompt when opening Outlook from a computer ... This also seems to generate the following logs in the users System Event log ... Changing the SID of the machines seems to correct the problem, ... We do Ghost machines, however, we use SysPrep. ...
    (microsoft.public.windows.server.general)
  • Re: Website comes up as a blank page
    ... No brand-new machines should be used for browsing or anything else online without having first enabled a firewall, been fully-patched at Windows Update, and installing an AV app and updating its definitions. ... I would think that it was more of a Group Policy issue because the policy settings wouldn't affect Firefox, ... It looks like McAfee's "protections" are disabling scripting, or possibly another security application is. ... dialog to set anything which is currently Enable to Prompt. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • SUMMARY: AlphaSErver 4100 - Not getting user prompt after logging
    ... So first I replaced the network card. ... The System hangs. ... FS from other machines are mounted on this ... > is not getting the prompt on the console. ...
    (Tru64-UNIX-Managers)