ZICLSH, virus or not?
From: Ely (Ely_at_discussions.microsoft.com)
Date: 06/14/04
Date: Mon, 14 Jun 2004 08:24:02 -0700
I have just re-installed XP on my brother's computer to fix some bugs.
After the re-install, the internet was very slow (Dial-up).
I have transferred the computer to my house where I have ADSL and my router locks up 1 minute after connecting his machine.
I enabled the firewall log and discovered that the machine was trying to connect to IP addresses as though it is a virus seeking other computers, sequentially checking for open ports on different IP addresses. It is doing this at a rate of about 50 addresses per second.
My virus checker reveals nothing... AVG, Norton & E-trust
I installed E-trust firewall, which asked if I would like to allow ZICLSH.EXE to access the internet at 80.134.66.93 port 3305. As this resembles all the IP addresses the machine has been trying to access, I denied it access to the internet.
This cured the problem.
I cannot find ZICLSH.EXE on this computer but found several entries in the registry.
The registry entry was linked to Microsoft Windows Java.
I have deleted these entries from the registry and after re-boot there are no further problems.
Does anyone know if this is a virus or program gone wrong, where it could have been picked up from, etc.?
Cheers
Martin
Firewall log example
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.163.11.70 3015 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.8.156.152 3016 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.110.45.236 3017 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.214.186.48 3018 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.59.76.3 3019 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.161.220.86 3020 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.6.110.169 3021 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.110.251.238 3022 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.212.139.193 3023 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.57.29.20 3024 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.158.174.102 3025 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.7.60.172 3026 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.108.204.126 3027 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.209.93.210 3028 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.54.238.36 3029 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.159.123.105 3030 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.4.13.61 3031 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.105.158.143 3032 135 - - - - - - - -
2004-06-14 09:52:10 OPEN TCP 192.168.0.2 80.206.46.226 3033 135 - - - - - - - -
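The pattern in the log above (one internal host opening TCP connections to many different addresses on the same destination port within a single second) can be flagged automatically. The following is an added example, not part of the original post; the field order is taken from the log lines shown, the sample lines are constructed with documentation addresses, and the `min_targets` threshold of 10 is an assumption.

```python
from collections import defaultdict

# Field order of the log lines in the post:
# date time action protocol src-ip dst-ip src-port dst-port ...
def parse_line(line):
    """Return (second, src, dst, dst_port) for OPEN TCP entries, else None."""
    f = line.split()
    if len(f) < 8 or line.startswith("#"):
        return None
    if f[2] != "OPEN" or f[3] != "TCP" or not f[7].isdigit():
        return None
    return (f[0] + " " + f[1], f[4], f[5], int(f[7]))

def find_sweeps(lines, min_targets=10):
    """Flag (second, src, dst_port) groups that opened connections to at least
    min_targets distinct destination addresses within one second.
    min_targets is an assumed threshold; tune it to the network."""
    targets = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            second, src, dst, port = rec
            targets[(second, src, port)].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

# Constructed sample: 19 opens to distinct addresses on port 135 in one
# second (the shape of the log above), two ordinary web connections,
# and a header line that must be ignored.
SAMPLE = [
    "2004-06-14 09:52:10 OPEN TCP 192.168.0.2 198.51.100.%d %d 135 - - - - - - - -"
    % (i, 3015 + i) for i in range(1, 20)
] + [
    "2004-06-14 09:52:10 OPEN TCP 192.168.0.2 203.0.113.5 3040 80 - - - - - - - -",
    "2004-06-14 09:52:11 OPEN TCP 192.168.0.2 203.0.113.5 3041 80 - - - - - - - -",
    "#Fields: date time action protocol src-ip dst-ip src-port dst-port",
]

if __name__ == "__main__":
    for (second, src, port), n in find_sweeps(SAMPLE).items():
        print(f"{second} {src} -> {n} distinct hosts on TCP/{port}")
```
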