Re: Netbios records (602 lifetime)



Not that I know of. I assume your tried Nbtstat -R to remove them. The other
thing I would check is to see if there are entries in the lmhosts file for
those entries making them persistent. Lmhosts is located in Windows [or
Winnt]\system23\drivers\etc folder. --- Steve

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/nbtstat.mspx?mfr=true

-R : Purges the contents of the NetBIOS name cache and then reloads the
#PRE-tagged entries from the Lmhosts file.

"Mark" <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CDB6BE7F-1275-447B-833F-B213DC79005C@xxxxxxxxxxxxxxxx
Thanks, is their something important about the 602 life of the cached
records?



"Steven L Umbach" wrote:

I would not rely on nbtstat to tell you if a computer has malware or
spyware. Using netstat -an will give you a better idea of port activity
and
a utility like the free TCPView and Tdimon from SysInternals would be
better
yet showing what processes/executables are associated with the port use.
I
also like Process Explorer as it can show the publisher of the executable
used for a process which can help identify it. If you do not see a
publisher
name then the executable/process could be suspect though not always.
Since
you suspect and infection be sure to run a virus and spyware scan using
the
latest definitions for whatever you use to see what they find. ---
Steve

http://www.sysinternals.com/Utilities/TcpView.html --- TCPView and link
to
SysInternals

"Mark" <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25250712-1CDE-43DC-8515-5E7338AE8F63@xxxxxxxxxxxxxxxx
I have a general suspicion that a pc is infected with some spyware or a
virus.

NBTSTAT -c lists a load of records for PC's in the organisation that
really
this machine has no reason to connect to.

The records are <20> and have a life of 602 seconds.

I cannot flush them, nor does the 602 decrement in any way.

Spyware, Virus or config?

Many Thanks in advance







.



Relevant Pages

  • Re: Netbios records (602 lifetime)
    ... I would not rely on nbtstat to tell you if a computer has malware or ... yet showing what processes/executables are associated with the port use. ... you suspect and infection be sure to run a virus and spyware scan using the ...
    (microsoft.public.security)
  • Re: A little help please...
    ... already used to rid my system of this spyware once and for all. ... very decent scan) which found maybe 20 entries and deleted. ... How do I get rid of this software? ... Run HijackThis and post your log to one of the following forums (not ...
    (microsoft.public.windowsxp.security_admin)
  • RE: E2G, Apropos media, QoolAid, iebhos.dll
    ... Deleting these keys would normally fix the problem. ... entries in CLSID which is where active X controls are referenced. ... spyware removal tool like Spyware Doctor or even the Microsoft tool. ... >> can limit the number of infections to 6, which Spyware Doctor can then clean. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: ZoneAlarm - How to identify Generic Host Process Origin?
    ... I doubt I have a virus or trojan, my AVS is up to date and has ... > old program entry and instead adds new entries. ... > depending on whether XP was an initial install or upgrade). ... > same as what Microsoft's website says it to be for that specific version. ...
    (comp.security.firewalls)
  • Re: COMPUTER SHUTS DOWN AS SOON AS IT LOGS ON
    ... several RUN entries of the registry. ... entries and deleting the file, ... AVG 7 with the latest download ... If the virus is not found on her PC, check the others if she is on a LAN. ...
    (microsoft.public.security.virus)