XP & 2000 Server issues on Domain. Real bad!
Started by
Gargoyle357
, Aug 03 2005 08:04 AM
#31
Posted 03 August 2005 - 03:02 PM
#32
Posted 03 August 2005 - 03:09 PM
Don't know how to close the port. Can you explain?
Can't tell what process is talking. Killed the one I suspected, but it's still talking.
Ok, it is sending to 66.225.218.13.
Whois came up with MelbourneIT.com
I pulled the network cable, but left it running in case there is something I can do to find what is in there.
Can't tell what process is talking. Killed the one I suspected, but it's still talking.
Ok, it is sending to 66.225.218.13.
Whois came up with MelbourneIT.com
I pulled the network cable, but left it running in case there is something I can do to find what is in there.
#33
Posted 03 August 2005 - 03:11 PM
well...pulling the cable will close the port hehe
#34
Posted 03 August 2005 - 03:18 PM
Scary part is the Firewall still shows port 80 traffic from the unplugged computer's IP address......
#35
Posted 03 August 2005 - 03:20 PM
scary indeed......and if you close 80 on the firewall then the whole place will drop of the internet.....
#36
Posted 03 August 2005 - 03:22 PM
i hate to do it but.....uh..since my network here at work is still working...i get to go home.....sorry dude..i'll pick back up tomorrow
#37
Posted 03 August 2005 - 03:28 PM
Have a good night, thanks for your help.
#38
Posted 04 August 2005 - 06:34 AM
i'm at work...so let's get this sucker working
#39
Posted 04 August 2005 - 06:48 AM
Well yesterday somebody mentioned RootKit. Doesn't give me warm fuzzy feelings, and I don't know how to find it. Saw that it can sometimes be easier to find by mapping the admin share and scanning from another computer that isn't corrupted.
I am installing SAV 10.1 and yesterday's virus definitions on another machine and will map the C$ share of the Win2000 server (Zion) and scan it.
I am also attempting to install Zone Alarm on my machine to see if it can catch anything trrying to get out, or in. Not sure if it will work, but I have had some luch installing EXE programs. MSI files don't stand a chance.
Of course now that I said that I see it is hung. So much for that idea..........
I am installing SAV 10.1 and yesterday's virus definitions on another machine and will map the C$ share of the Win2000 server (Zion) and scan it.
I am also attempting to install Zone Alarm on my machine to see if it can catch anything trrying to get out, or in. Not sure if it will work, but I have had some luch installing EXE programs. MSI files don't stand a chance.
Of course now that I said that I see it is hung. So much for that idea..........
#40
Posted 04 August 2005 - 06:50 AM
my laptop is now crawling with spyware...sooooo...i'm gonna go ahead and reformat the piece....i'll be back in an hour
#41
Posted 04 August 2005 - 08:03 AM
Looks like sombody just felt up my firewall.
Incomming from 218.74.223.126
Ports: (Source/Destination)
2327 to 1023
2358 to 1023
2407 to 1023
2562 to 445
2562 to 445
2569 to 445
2046 to 5554
2051 to 5554
2094 to 5554
2105 to 5554
2129 to 5554
2320 to 1023
Incomming from 218.74.223.126
Ports: (Source/Destination)
2327 to 1023
2358 to 1023
2407 to 1023
2562 to 445
2562 to 445
2569 to 445
2046 to 5554
2051 to 5554
2094 to 5554
2105 to 5554
2129 to 5554
2320 to 1023
#42
Posted 04 August 2005 - 08:16 AM
Zone Alarm install failed.
Was able to run RootkitRevealler though.
Found 96 discrepencies.
Most related to Symantec Antivirus and virus definitions.
Now I just have to figure out what to do next............
Was able to run RootkitRevealler though.
Found 96 discrepencies.
Most related to Symantec Antivirus and virus definitions.
Now I just have to figure out what to do next............
#43
Posted 04 August 2005 - 09:15 AM
Well I would say we are definately under attack. Another port scan similar to the last from a new IP address (which I also shut down) and now a barrage of hits from various IP addresses to various ports.
The good news is I think I managed to piss him off!
The good news is I think I managed to piss him off!
#44
Posted 04 August 2005 - 09:44 AM
hahahaha nice
#45
Posted 04 August 2005 - 03:49 PM
APC Powerchute Agent, Business Edition Version 6.1
MUST be upgraded to version 7 before July 27, 2005 or your computer will suffer all of these bizzare symptoms.
APC finally posted it on their site.
MUST be upgraded to version 7 before July 27, 2005 or your computer will suffer all of these bizzare symptoms.
APC finally posted it on their site.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users