Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Syn_Sent virusFlood on -netstat

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
Hi Geeks 2 go Community!

I am a IT guy for an accounting firm in south Africa :) AND I NEED YOUR HELP!

Our windows 03 server has been infected with some type of virus/spamware. when the server is connected to the network, no staff pc's can browse the internet, the server is not able to browse if it is the only pc on the network.

upon closer investigation (-netstat) i have found that the server sends syn_sent to random IP addresses every 5 seconds or so starting from port 1026, it seems to be using all our open ports, our firm usually uses 12GB per month, this virus has upped our usage to 32GB overnight(it all started about 24 hours ago so its done 20GB since then)

I have AVG network edition and ad-aware (free - just installed it) installed on the server, I am currently @ home with the servers hard drive running a eset smart security scan on the server drive. I have not picked anything up yet. is it possible the virus is remote? at a loss here guys.

Edited by jprheeder, 29 June 2010 - 10:28 AM.

  • 0




    Je suis Napoléon!

  • Administrator
  • 26,018 posts
  • MVP
Please read the Malware/Spyware cleaning guide here follow the instructions at the top....

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty (and you may not be) then post an OTL log in THE MALWARE FORUM forum.
(Posting OTL logs or ANY other logs requested in the malware/spyware cleaning guide in any other forum other than the malware forum is forbidden. If you post any of these logs in any other forum, it will be removed and it will take you longer to get help, so please make sure you only post logs in the malware forum)

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread..
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP