Re: Can't stop a Zombie EMailer
- From: "Milo \(MSPSS\)" <V-4jpaca@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 30 Aug 2007 04:49:48 +0800
Block the said ports from the firewall as an option
"JP" <JP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D01A399C-59E6-4B0E-B133-6072EA7A2082@xxxxxxxxxxxxxxxx
I am assuming I am on the right Group.
I have discovered a Zombie Emailer running on XP Home.
It is sending enough email to bring down the LAN. Using CurrPorts
(cports.exe) I can watch it connect to an IP address on port 80 (probably
picking up the day's email) then connect to another IP Address (close to the
first one) on Port 25.
After a few seconds, all hell breaks loose, and the computer starts spewing
email at a great rate...stopped by pulling the Network cable.
I have watched this, in CurrPorts, and in Process Explorer from
Sysinternals, and it appears to be running from Services.exe PID 688, but
from where after that is the real question.
I have used 3 different Virus Scanners, and 2 different Rootkit finders.
Nothing.
I further checked it with HiJackThis, and with Autoruns. Seems that it is
not something that normally shows up as an "evil doer". I am not sure if
they have hijacked a service, or just what.
Any suggestions.
.
- Follow-Ups:
- Re: Can't stop a Zombie EMailer
- From: Dustin Cook
- Re: Can't stop a Zombie EMailer
- Prev by Date: Re: Can't stop a Zombie EMailer
- Next by Date: Re: Need site for malware submissions
- Previous by thread: Re: Can't stop a Zombie EMailer
- Next by thread: Re: Can't stop a Zombie EMailer
- Index(es):
Relevant Pages
|
