Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Syn_Sent virusFlood on -netstat

Started by jprheeder , Jun 29 2010 10:26 AM

  • Please log in to reply

#1
jprheeder
Posted 29 June 2010 - 10:26 AM

jprheeder

    New Member

  • Member
  • Pip
  • 1 posts
Hi Geeks 2 go Community!

I am a IT guy for an accounting firm in south Africa :) AND I NEED YOUR HELP!

Our windows 03 server has been infected with some type of virus/spamware. when the server is connected to the network, no staff pc's can browse the internet, the server is not able to browse if it is the only pc on the network.

upon closer investigation (-netstat) i have found that the server sends syn_sent to random IP addresses every 5 seconds or so starting from port 1026, it seems to be using all our open ports, our firm usually uses 12GB per month, this virus has upped our usage to 32GB overnight(it all started about 24 hours ago so its done 20GB since then)

I have AVG network edition and ad-aware (free - just installed it) installed on the server, I am currently @ home with the servers hard drive running a eset smart security scan on the server drive. I have not picked anything up yet. is it possible the virus is remote? at a loss here guys.

Edited by jprheeder, 29 June 2010 - 10:28 AM.

  • 0

Advertisements

#2
dsenette
Posted 29 June 2010 - 11:45 AM

dsenette

    Je suis Napoléon!

  • Community Leader
  • 26,047 posts
  • MVP
Please read the Malware/Spyware cleaning guide here follow the instructions at the top....

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) then post an OTL log in THE MALWARE FORUM forum.
(Posting OTL logs or ANY other logs requested in the malware/spyware cleaning guide in any other forum other than the malware forum is forbidden. If you post any of these logs in any other forum, it will be removed and it will take you longer to get help, so please make sure you only post logs in the malware forum)

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread..
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP