XP & 2000 Server issues on Domain. Real bad!



#31
dsenette


    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
http


#32
Gargoyle357


    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Don't know how to close the port. Can you explain?

Can't tell what process is talking. Killed the one I suspected, but it's still talking.

Ok, it is sending to 66.225.218.13.

Whois came up with MelbourneIT.com

I pulled the network cable, but left it running in case there is something I can do to find what is in there.

#33
dsenette

well...pulling the cable will close the port hehe

#34
Gargoyle357

Scary part is the Firewall still shows port 80 traffic from the unplugged computer's IP address...... :tazz:

#35
dsenette

scary indeed......and if you close 80 on the firewall then the whole place will drop off the internet.....

#36
dsenette

i hate to do it but.....uh..since my network here at work is still working...i get to go home.....sorry dude..i'll pick back up tomorrow

#37
Gargoyle357

Have a good night, thanks for your help.

#38
dsenette

i'm at work...so let's get this sucker working

#39
Gargoyle357

Well yesterday somebody mentioned RootKit. Doesn't give me warm fuzzy feelings, and I don't know how to find it. Saw that it can sometimes be easier to find by mapping the admin share and scanning from another computer that isn't corrupted.

I am installing SAV 10.1 and yesterday's virus definitions on another machine and will map the C$ share of the Win2000 server (Zion) and scan it.

I am also attempting to install Zone Alarm on my machine to see if it can catch anything trying to get out, or in. Not sure if it will work, but I have had some luck installing EXE programs. MSI files don't stand a chance.

Of course now that I said that I see it is hung. So much for that idea..........

#40
dsenette

my laptop is now crawling with spyware...sooooo...i'm gonna go ahead and reformat the piece....i'll be back in an hour


#41
Gargoyle357

Looks like somebody just felt up my firewall.

Incoming from 218.74.223.126

Ports: (Source/Destination)
2327 to 1023
2358 to 1023
2407 to 1023
2562 to 445
2562 to 445
2569 to 445
2046 to 5554
2051 to 5554
2094 to 5554
2105 to 5554
2129 to 5554
2320 to 1023

#42
Gargoyle357

Zone Alarm install failed.

Was able to run RootkitRevealer though.
Found 96 discrepancies.
Most related to Symantec Antivirus and virus definitions.

Now I just have to figure out what to do next............ :tazz:

#43
Gargoyle357

Well I would say we are definitely under attack. Another port scan similar to the last from a new IP address (which I also shut down) and now a barrage of hits from various IP addresses to various ports.

The good news is I think I managed to piss him off! :tazz:

#44
dsenette

hahahaha nice

#45
Gargoyle357

APC Powerchute Agent, Business Edition Version 6.1

MUST be upgraded to version 7 before July 27, 2005 or your computer will suffer all of these bizarre symptoms.

APC finally posted it on their site.