Can anyone id these virii?

FrecklesTheDestroyer

Junior Member
Sep 14, 2004
9
0
0
Couldn't find a good security forum, thought I'd post here. I have one virus on my buddy's box, termserv.exe, constantly sending out packets to random IPs on the network on port 113 (ident), and I have another on my mom's laptop, ntfs16.exe, hitting port 443 in the same way. Between both, they have my freesco box's masq table filled up good :| and I had to set the masq timeouts EXTREMELY low. If either of these sound familiar to anyone, please post any info you can. I can't find ANY info on ntfs16.exe and a search for termserv.exe just gives me windows terminal service or a virus (which I couldn't find any traces of otherwise (aradmin, or something like that)). Any info would be greatly appreciated.

thanks
 

FrecklesTheDestroyer

I came to the conclusion it was termserv.exe by killing the process and watching the link status. My buddy's box (the one running termserv.exe) was sending out 100-200 packets a second without anything else running; as soon as I killed that app, the packets stopped jumping up like that. Here's a VERY SMALL clip of my masq table from last night:

tcp 00:47.79 192.168.1.11 192.168.14.125 3633 (62776) -> 113
tcp 00:38.72 192.168.1.11 192.168.105.207 3372 (62520) -> 113
tcp 00:29.92 192.168.1.11 192.168.171.184 3117 (62264) -> 113
tcp 00:20.07 192.168.1.11 192.168.19.201 4719 (62008) -> 113
tcp 00:11.22 192.168.1.11 192.168.122.49 4459 (61752) -> 113
tcp 00:01.37 192.168.1.11 192.168.87.84 4199 (61496) -> 113
tcp 00:57.42 192.168.1.11 192.168.243.8 3890 (63031) -> 113

and the whole table was like this. Anyone familiar with this one?

Thanks for the link, btw
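
Added example, not part of the original post: a small Python check that parses masq table lines in the layout shown above and flags any inside host opening connections to many distinct destinations on one port, which is the pattern visible in the excerpt. The function names, the `min_dests` threshold and the two `192.168.1.12` lines are assumptions constructed for illustration; the other seven sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Layout taken from the excerpt in the post:
# proto  expire  source  destination  sport (masq port) -> dport
ENTRY = re.compile(
    r"^(?P<proto>\w+)\s+(?P<expire>[\d:.]+)\s+(?P<src>\d+(?:\.\d+){3})\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+(?P<sport>\d+)\s+\((?P<mport>\d+)\)"
    r"\s+->\s+(?P<dport>\d+)$"
)

# First seven lines are from the post; the last two are constructed.
SAMPLE = """\
tcp 00:47.79 192.168.1.11 192.168.14.125 3633 (62776) -> 113
tcp 00:38.72 192.168.1.11 192.168.105.207 3372 (62520) -> 113
tcp 00:29.92 192.168.1.11 192.168.171.184 3117 (62264) -> 113
tcp 00:20.07 192.168.1.11 192.168.19.201 4719 (62008) -> 113
tcp 00:11.22 192.168.1.11 192.168.122.49 4459 (61752) -> 113
tcp 00:01.37 192.168.1.11 192.168.87.84 4199 (61496) -> 113
tcp 00:57.42 192.168.1.11 192.168.243.8 3890 (63031) -> 113
tcp 14:02.10 192.168.1.12 203.0.113.10 1045 (61001) -> 443
tcp 13:40.55 192.168.1.12 203.0.113.10 1046 (61002) -> 443
"""

def parse_masq(text):
    """Return one dict per well-formed entry; skip headers and junk lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def fan_out(entries, min_dests=5):
    """Flag (src, proto, dport) keys reaching >= min_dests distinct hosts.

    min_dests is an assumed threshold; tune it to the network's baseline.
    """
    dests = defaultdict(set)
    for e in entries:
        dests[(e["src"], e["proto"], int(e["dport"]))].add(e["dst"])
    hits = [(k, len(v)) for k, v in dests.items() if len(v) >= min_dests]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for (src, proto, dport), n in fan_out(parse_masq(SAMPLE)):
        print(f"{src} -> {n} distinct hosts on {proto}/{dport}")
```

Counting distinct destinations rather than raw entries keeps a host that repeatedly talks to one server from being flagged.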
 

FrecklesTheDestroyer

I used the network connection status in XP. All it says is the # of packets, tho. To find the program sending packets I just killed the sketchy looking processes one by one, watching the status window. When it stopped jumping up, I found my program.
 