Re: Netbios records (602 lifetime)



Not that I know of. I assume your tried Nbtstat -R to remove them. The other
thing I would check is to see if there are entries in the lmhosts file for
those entries making them persistent. Lmhosts is located in Windows [or
Winnt]\system23\drivers\etc folder. --- Steve

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/nbtstat.mspx?mfr=true

-R : Purges the contents of the NetBIOS name cache and then reloads the
#PRE-tagged entries from the Lmhosts file.

"Mark" <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CDB6BE7F-1275-447B-833F-B213DC79005C@xxxxxxxxxxxxxxxx
Thanks, is their something important about the 602 life of the cached
records?



"Steven L Umbach" wrote:

I would not rely on nbtstat to tell you if a computer has malware or
spyware. Using netstat -an will give you a better idea of port activity
and
a utility like the free TCPView and Tdimon from SysInternals would be
better
yet showing what processes/executables are associated with the port use.
I
also like Process Explorer as it can show the publisher of the executable
used for a process which can help identify it. If you do not see a
publisher
name then the executable/process could be suspect though not always.
Since
you suspect and infection be sure to run a virus and spyware scan using
the
latest definitions for whatever you use to see what they find. ---
Steve

http://www.sysinternals.com/Utilities/TcpView.html --- TCPView and link
to
SysInternals

"Mark" <Mark@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25250712-1CDE-43DC-8515-5E7338AE8F63@xxxxxxxxxxxxxxxx
I have a general suspicion that a pc is infected with some spyware or a
virus.

NBTSTAT -c lists a load of records for PC's in the organisation that
really
this machine has no reason to connect to.

The records are <20> and have a life of 602 seconds.

I cannot flush them, nor does the 602 decrement in any way.

Spyware, Virus or config?

Many Thanks in advance







.