I am not sure but there is a new virus called something Sysreg. Look in system32 folder, if there is a file called Sysreg.exe file, then you ar eprobably infected. As I have seen, only norton and panda cn detect it. We are using trend and McAffee, but unfortunitly they say our system clean. Anyway, this tries to connect to someplaces on the internet. You may have sysreg.exe on your network. To clean it, read the related document at Symantec site. -------------------------------------------------------------------- Rami SIK System & Network Administrator CCNA Kimyatas Istanbul / Turkey Tel:90-212-334 4963 -------------------------------------------------------------------- -----Original Message----- From: F.D. Sijbrandij [mailto:fokke@xxxxxxxxxxxxxx] Sent: Wednesday, May 28, 2003 1:42 AM To: [ISAserver.org Discussion List] Subject: [isalist] Virus or something??? http://www.ISAserver.org Hi All, I need your help with a problem and I hope somebody is willing/able to help me. Since today I noticed a considerable drop in my internet connection speed. While investigating the problem I found that some program is trying to make a lot of TCP connections to a far smaller number of IP adresses somewhere in the US. The connection attempts are made over a wide range of portnumbers. My problem is that I cannot determine which program is making al these connection attempts. Netshield cannot detect any virus, neither have I found any spyware. An initual search through the directory structure of the server running isa didn't come up with any strange software. As far as I can tell all these request are initiated on the server running isa. I'm probably missing something very simple, butt can anyone tell me how i can find out which program is the source of all this? Thanks, Fokke Sijbrandij ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rami@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')