Virus??????? - Techist - Tech Forum

Old 09-25-2004, 05:35 PM   #1 (permalink)
Newb Techie
 
Join Date: Sep 2004
Posts: 2
Angry Virus???????

A client brought in a laptop with the following config (Basic):

* Win XP home
* Athlon XP 2600
* 512MB
* ATi Video
* NAV
* Dialup connection to the internet


Upon receipt I noticed that regedit and taskmgr would not operate (they open and close after a few seconds). I renamed the two files and opened regedit.

I also noticed an extreme amount of outbound traffic on port 445 (microsoft-ds). From a dial-up connection to the internet, the machine ceases to access the internet. On a LAN connection it is slow (probably from all of the outbound traffic).

I found nothing in HKLM/Software/Microsoft/Current Version/ RUN (Run Once) (Run Services) that should not be there.

I also checked in HKCU/etc........

I have used HijackThis, Ad-Aware, and Spybot S&D to remove all malware.

I used NAV, McAfee, AVG, Trend Micro, and TDS-3 to determine that no viruses were on the system.

To no avail I cannot see a running process that is initiating this flow of traffic, or the changes that prevent regedit and taskmgr from running.

Here is a list of running processes:

* smss.exe
* csrss.exe
* winlogon.exe
* services.exe
* lsass.exe
* svchost.exe
* svchost.exe
* spoolsvc.exe
* Explorer.exe
* Ati2evxxx.exe
* navapsvc.exe
* svchost.exe
* AgentSvr.exe


Any help would be great.

Other things that I have tried include:

System file checker
MS info to determine that all loaded modules were from known sources.
I know that the file somehow uses svchost.exe to function, but don't know what file calls it.


Thanks in advance.

GIZMO
__________________
It is a miracle that curiosity survives formal education. -- Albert Einstein
It said 'Insert disk #3', but only two will fit. -- The average customer.
"There is no need for any individual to have a computer in their home." – Ken Olson, President of Digital Equipment Corp., 1977 …….

tec_star@hotmail.com
gizmo1_1 is offline  
Old 09-25-2004, 05:38 PM   #2 (permalink)
Super Techie
 
Join Date: Sep 2004
Posts: 261
Default

I would run a check for these two worms, Sasser and Korgo.
mre30 is offline  
Old 09-25-2004, 06:00 PM   #3 (permalink)
Newb Techie
 
Join Date: Sep 2004
Posts: 2
Default

Quote:
Originally posted by mre30
I would run a check for these two worms, Sasser and Korgo.

As I stated above, I have installed and run the following anti-virus software:

McAfee.com (Online Scan)
Norton Anti-Virus
Trend Micro (Online Scan)
AVG Anti-virus
and TDS-3 Trojan detection
gizmo1_1 is offline  
Old 09-25-2004, 08:37 PM   #4 (permalink)
True Techie
 
Join Date: Jun 2004
Posts: 172
Default

I'd run Ad-Aware or a-squared and see what you come up with. You might want to try dumping the Java cache. There are some commercial trojans that don't show up on scans, and tend to hang out in the Java cache.
heavywx is offline  
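The first post reports heavy outbound traffic on port 445 and a suspicion that the responsible code runs inside svchost.exe. As an added example (not part of the thread), the sketch below correlates captured `netstat -ano` output with `tasklist /svc` output to name the PID and hosted services behind that traffic. It assumes both outputs can be captured from the machine; the sample text, addresses and the service name `ExampleSvc` are constructed.

```python
import re
from collections import Counter

# Constructed `netstat -ano` sample (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:1043        198.51.100.7:445       SYN_SENT        1016
  TCP    192.0.2.10:1044        198.51.100.8:445       SYN_SENT        1016
  TCP    192.0.2.10:1045        198.51.100.9:445       SYN_SENT        1016
  TCP    192.0.2.10:1046        203.0.113.5:445        ESTABLISHED     1016
  TCP    192.0.2.10:1050        203.0.113.80:80        ESTABLISHED     1420
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /svc` sample; "ExampleSvc" is a placeholder service name.
TASKLIST = """\
Image Name                   PID Services
========================= ====== ==============================
System                         4 N/A
svchost.exe                  884 RpcSs
svchost.exe                 1016 ExampleSvc
explorer.exe                1420 N/A
"""

def outbound_by_pid(netstat_text, port=445):
    """Count TCP rows whose *remote* port is `port`, per owning PID.
    Header rows and UDP rows (no State column) do not have 5 fields and are skipped."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit() and f[2].rsplit(":", 1)[-1] == str(port):
            counts[int(f[4])] += 1
    return counts

def services_by_pid(tasklist_text):
    """Map PID -> (image name, [hosted services]) from `tasklist /svc` rows."""
    table = {}
    for line in tasklist_text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.+)$", line)
        if m:
            svcs = [] if m.group(3).strip() == "N/A" else [s.strip() for s in m.group(3).split(",")]
            table[int(m.group(2))] = (m.group(1), svcs)
    return table

def suspects(netstat_text, tasklist_text, port=445, threshold=3):
    """(pid, connection count, image, services) for PIDs at or above `threshold`."""
    procs = services_by_pid(tasklist_text)
    return [(pid, n, *procs.get(pid, ("<not in tasklist>", [])))
            for pid, n in outbound_by_pid(netstat_text, port).most_common() if n >= threshold]
```

On the constructed sample, `suspects(NETSTAT, TASKLIST)` singles out PID 1016, a svchost.exe instance, together with the service it hosts, which is the name to look up under the services registry key.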