RE: Virus or something???

• From: "Rami SIK" <rami@xxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 28 May 2003 09:18:27 +0300

I am not sure but there is a new virus called something Sysreg. Look in
system32 folder, if there is a file called Sysreg.exe file, then you ar
eprobably infected. As I have seen, only norton and panda cn detect it. We
are using trend and McAffee, but unfortunitly they say our system clean.
Anyway, this tries to connect to someplaces on the internet. You may have
sysreg.exe on your network. To clean it, read the related document at
Symantec site.

 
--------------------------------------------------------------------
Rami SIK
 
System & Network Administrator
CCNA
 
Kimyatas
Istanbul / Turkey
 
Tel:90-212-334 4963
--------------------------------------------------------------------
 

-----Original Message-----
From: F.D. Sijbrandij [mailto:fokke@xxxxxxxxxxxxxx] 
Sent: Wednesday, May 28, 2003 1:42 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Virus or something???

http://www.ISAserver.org


Hi All,

I need your help with a problem and I hope somebody is willing/able to help
me.
Since today I noticed a considerable drop in my internet connection speed.
While investigating the problem I found that some program is trying to make 
a lot
of TCP connections to a far smaller number of IP adresses somewhere in the
US.
The connection attempts are made over a wide range of portnumbers.
My problem is that I cannot determine which program is making al these 
connection attempts.
Netshield cannot detect any virus, neither have I found any spyware.
An initual search through the directory structure of the server running isa 
didn't come up with any strange software.
As far as I can tell all these request are initiated on the server running
isa.

I'm probably missing something very simple, butt can anyone tell me how i 
can find out which program is the source of all this?

Thanks,
Fokke Sijbrandij


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rami@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Virus or something???
• » RE: Virus or something???
• » Re: Virus or something???
• » RE: Virus or something???
• » RE: Virus or something???

1. Home
2. isalist
3. Archive
4. 05-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---