Incidents
Re: Malware/trojan attacks Oct 25 2006 08:39PM
krokofish hotmail com
Hello Richard,

i think i have the same problem on an WinXP Home Edition Laptop here.
I got this laptop from a friend. He complained about slow reaction and other bad behaviour while working.
First thing i´ve tried was to scan for viruses with ClamAntiVirus and Stinger.exe. Two viruses where found and successfully removed, here the stinger message:
W32/Sdbot.worm!ftp virus !!!
W32/Bugbear.6991@MM virus !!!

So far so good, but after installing XP SP2 i´m only able to access websites (IE/Firefox) one time. After a successfull HTTP request the browser is not able to access websites anymore.
But pinging the hosts inside the CommandLine is possible.

Now i tried to analyze the log output from RASDIAG.EXE (which is part of the Win XP Support Tools Package) and I found one (and only one!!) active connection to the IP you listed above:
Proto Lokale Adresse Remoteadresse Status
TCP 192.168.0.73 213.121.73.136:19555 HERGESTELLT

I found no solution until now, did you do??

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus