[dsenette]

http

[Advertisements]

Don't know how to close the port. Can you explain?

Can't tell what process is talking. Killed the one I suspected, but it's still talking.

Ok, it is sending to 66.225.218.13.

Whois came up with MelbourneIT.com

I pulled the network cable, but left it running in case there is something I can do to find what is in there.

[Gargoyle357]

Don't know how to close the port. Can you explain?

Can't tell what process is talking. Killed the one I suspected, but it's still talking.

Ok, it is sending to 66.225.218.13.

Whois came up with MelbourneIT.com

I pulled the network cable, but left it running in case there is something I can do to find what is in there.

[dsenette]

well...pulling the cable will close the port hehe

[Gargoyle357]

Scary part is the Firewall still shows port 80 traffic from the unplugged computer's IP address......

[dsenette]

scary indeed......and if you close 80 on the firewall then the whole place will drop of the internet.....

[dsenette]

i hate to do it but.....uh..since my network here at work is still working...i get to go home.....sorry dude..i'll pick back up tomorrow

[Gargoyle357]

Have a good night, thanks for your help.

[dsenette]

i'm at work...so let's get this sucker working

[Gargoyle357]

Well yesterday somebody mentioned RootKit. Doesn't give me warm fuzzy feelings, and I don't know how to find it. Saw that it can sometimes be easier to find by mapping the admin share and scanning from another computer that isn't corrupted.

I am installing SAV 10.1 and yesterday's virus definitions on another machine and will map the C$ share of the Win2000 server (Zion) and scan it.

I am also attempting to install Zone Alarm on my machine to see if it can catch anything trrying to get out, or in. Not sure if it will work, but I have had some luch installing EXE programs. MSI files don't stand a chance.

Of course now that I said that I see it is hung. So much for that idea..........

[dsenette]

my laptop is now crawling with spyware...sooooo...i'm gonna go ahead and reformat the piece....i'll be back in an hour

[Gargoyle357]

Looks like sombody just felt up my firewall.

Incomming from 218.74.223.126

Ports: (Source/Destination)
2327 to 1023
2358 to 1023
2407 to 1023
2562 to 445
2562 to 445
2569 to 445
2046 to 5554
2051 to 5554
2094 to 5554
2105 to 5554
2129 to 5554
2320 to 1023

[Gargoyle357]

Zone Alarm install failed.

Was able to run RootkitRevealler though.
Found 96 discrepencies.
Most related to Symantec Antivirus and virus definitions.

Now I just have to figure out what to do next............

[Gargoyle357]

Well I would say we are definately under attack. Another port scan similar to the last from a new IP address (which I also shut down) and now a barrage of hits from various IP addresses to various ports.

The good news is I think I managed to piss him off!

[dsenette]

hahahaha nice

[Gargoyle357]

APC Powerchute Agent, Business Edition Version 6.1

MUST be upgraded to version 7 before July 27, 2005 or your computer will suffer all of these bizzare symptoms.

APC finally posted it on their site.