RE: Virus or something???

  • From: "Rami SIK" <rami@xxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 29 May 2003 09:52:43 +0300

At last...!!!!!!!!!

Good morning McAfee/NAI.....



 
--------------------------------------------------------------------
Rami SIK
 
System & Network Administrator
CCNA
 
Kimyatas
Istanbul / Turkey
 
Tel:90-212-334 4963
--------------------------------------------------------------------
 

-----Original Message-----
From: Mark Hippenstiel [mailto:M.Hippenstiel@xxxxxxxxxxxx] 
Sent: Wednesday, May 28, 2003 6:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Virus or something???

http://www.ISAserver.org


McAfee/NAI:

http://vil.nai.com/vil/content/v_100330.htm


> -----Original Message-----
> From: Rami SIK [mailto:rami@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, May 28, 2003 8:18 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Virus or something???
> 
> 
> http://www.ISAserver.org
> 
> 
> I am not sure but there is a new virus called something 
> Sysreg. Look in system32 folder, if there is a file called 
> Sysreg.exe file, then you ar eprobably infected. As I have 
> seen, only norton and panda cn detect it. We are using trend 
> and McAffee, but unfortunitly they say our system clean. 
> Anyway, this tries to connect to someplaces on the internet. 
> You may have sysreg.exe on your network. To clean it, read 
> the related document at Symantec site.
> 
>  
> --------------------------------------------------------------------
> Rami SIK
>  
> System & Network Administrator
> CCNA
>  
> Kimyatas
> Istanbul / Turkey
>  
> Tel:90-212-334 4963
> --------------------------------------------------------------------
>  
> 
> -----Original Message-----
> From: F.D. Sijbrandij [mailto:fokke@xxxxxxxxxxxxxx] 
> Sent: Wednesday, May 28, 2003 1:42 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Virus or something???
> 
> http://www.ISAserver.org
> 
> 
> Hi All,
> 
> I need your help with a problem and I hope somebody is 
> willing/able to help me. Since today I noticed a considerable 
> drop in my internet connection speed. While investigating the 
> problem I found that some program is trying to make 
> a lot
> of TCP connections to a far smaller number of IP adresses 
> somewhere in the US. The connection attempts are made over a 
> wide range of portnumbers. My problem is that I cannot 
> determine which program is making al these 
> connection attempts.
> Netshield cannot detect any virus, neither have I found any 
> spyware. An initual search through the directory structure of 
> the server running isa 
> didn't come up with any strange software.
> As far as I can tell all these request are initiated on the 
> server running isa.
> 
> I'm probably missing something very simple, butt can anyone 
> tell me how i 
> can find out which program is the source of all this?
> 
> Thanks,
> Fokke Sijbrandij
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: rami@xxxxxxxxxxxxxxx To unsubscribe send a blank 
> email to $subst('Email.Unsub')
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: 
> http://www.serverfiles.com No.1 Exchange > Server Resource 
> Site: http://www.msexchange.org Windows Security Resource 
> Site: http://www.windowsecurity.com/ Network Security 
> Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a 
> blank email to $subst('Email.Unsub')
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rami@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2003