Posted: Thu Oct 23, 2008 2:23 pm Post subject: Bot activity IRC.Foonet.com assistance required
@mods please move post to relevant topic if required
I have stumbled upon some suspicious network activity on a workstation on my Home network.
Unfortunately undetectable by many apps:
NOD32 [with latest updates]
Spybot [latest updates]
sysinternals/MS rootkit detection
Here it goes:
While PC does not contain any viruses or malware as scans have come up negative both using Nod32 and Spybot both with latest definitions.
With further investigation using both tcpview and procexp [both sysinternal products] it showed the originator being a process svchost.exe frequently randomizing the port in all available ranges e.g. 1971, 1972, 1973, 555, 556 using UDP protocol.
TCPview reports the remote address being gimmejizz.com:1311 when I first stumbled upon this it would stay a constant connection but has changed to established/disc/syn_sent/established. This was after force terminating the process and along with it the connection. It would not execute the process/connection again until 1-2hrs later.
Have also found that as soon as the process starts another svchost.exe intermittently executes but makes no external connection from what I can see.
As soon as all traffic is blocked by software based host firewall no more external connect attempts are displayed in either TCPview or wireshark.
Unable to determine what is calling on the svchost process at this stage.
Hello, If you are infected by a bot you should consider downloading Norton Internet Security 2009 trial and running a full scan. This in my expert opinion should remove ALL bots and other infections from your computer.
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
Posted: Wed Apr 01, 2009 6:56 pm Post subject:
Have they improved Norton at all with their 2009 version? I have tried most versions pre-2009 and they were all pigs when it came to eating resources. I also found them to be buggy, i.e. certain things would not work properly even if I disabled the feature in Norton; they would not work properly until I uninstalled Norton.