Re: a possible virus? - Desktop4.GIF (0/1)
From: Chuck (none_at_example.net)
Date: 05/06/04
- Next message: mike: "Re: Escalate privileges possible on DC?"
- Previous message: Monkeyboy: "MS04-011: Security Update problem"
- In reply to: jianping: "Re: a possible virus?"
- Next in thread: Jianping Hua: "Re: a possible virus? - Desktop4.GIF (0/1)"
- Reply: Jianping Hua: "Re: a possible virus? - Desktop4.GIF (0/1)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 6 May 2004 13:47:10 -0500
On 5 May 2004 15:05:40 -0700, *email_address_deleted* (jianping) wrote:
>Thanks Chuck. I've deleted the three you mentioned. The trafic light
>is still on. I don't have napster on. I think this was installed by
>the previous owner. Here should be the complete log file.
Jianping,
Well, I was wrong. Nothing interesting there. :(
Let's go back and ask again - what indications do you have that you're infected
with malware?
Did you try any of the free online virus scans?
Port Explorer always shows SOME network traffic. Let's try this.
You have the Local Area Connection Status, and Port Explorer, both of which give
frequently updated counts of network traffic. See my attachment, which is a
picture I made of my desktop.
To get an idea of the magnitude of network traffic which your computer is
supposedly producing, look at 4 figures, which I indicated on my attachment as A
- D.
1) From the icon in the tool tray (the traffic light), right click and select
Status.
2) Start Port Explorer. Arrange the LAN Connection Status wizard (from Step 1)
so you can see it and the Port Explorer display - maybe like I setup my desktop
in the attachment.
3) In Port Explorer, select Remote - this tab shows all connections outside
your LAN, which should be any you have to worry about.
4) Find a process listed in PE where the Sent and / or Received figures ("C"
and "D" respectively) change rapidly. This will, most likely, be the process
causing your problems. In my example, I used Agent:4076. Yours will certainly
be different. It may not even be listed under the Remote tab - you may have to
look elsewhere (and if so, you probably don't have to worry quite as much).
5) Write down figures A, B, C, then D - in that order - and consistently
please. I don't expect you to capture all 4 at the same time - just be as
accurate and consistent as possible. Do this for half an hour or so every 10
minutes. That will give a picture of the volume of traffic being passed. Write
down the Remote Address(es) indicated too.
6) In your next post, include everything you wrote down.
Of course, since this is a used computer, and you're worried about what's really
happening there, I don't think you'd be considered paranoid to simply wipe and
reinstall the OS - you did get a system CD with a license didn't you?
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
- Next message: mike: "Re: Escalate privileges possible on DC?"
- Previous message: Monkeyboy: "MS04-011: Security Update problem"
- In reply to: jianping: "Re: a possible virus?"
- Next in thread: Jianping Hua: "Re: a possible virus? - Desktop4.GIF (0/1)"
- Reply: Jianping Hua: "Re: a possible virus? - Desktop4.GIF (0/1)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
