|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Malware/trojan attacks
krokofish
hotmail.com
Date: Wed Oct 25 2006 - 15:39:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello Richard,
i think i have the same problem on an WinXP Home Edition Laptop here.
I got this laptop from a friend. He complained about slow reaction and other bad behaviour while working.
First thing i´ve tried was to scan for viruses with ClamAntiVirus and Stinger.exe. Two viruses where found and successfully removed, here the stinger message:
W32/Sdbot.worm!ftp virus !!!
W32/Bugbear.6991MM virus !!!
So far so good, but after installing XP SP2 i´m only able to access websites (IE/Firefox) one time. After a successfull HTTP request the browser is not able to access websites anymore.
But pinging the hosts inside the CommandLine is possible.
Now i tried to analyze the log output from RASDIAG.EXE (which is part of the Win XP Support Tools Package) and I found one (and only one!!) active connection to the IP you listed above:
Proto Lokale Adresse Remoteadresse Status
TCP 192.168.0.73 213.121.73.136:19555 HERGESTELLT
I found no solution until now, did you do??
------------------------------------------------------------------------------
This List Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.
http://www.blackhat.com
------------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]