RE: Virus or something???
- From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 28 May 2003 17:22:51 +0200
McAfee/NAI:
http://vil.nai.com/vil/content/v_100330.htm
> -----Original Message-----
> From: Rami SIK [mailto:rami@xxxxxxxxxxxxxxx]
> Sent: Wednesday, May 28, 2003 8:18 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Virus or something???
>
>
> http://www.ISAserver.org
>
>
> I am not sure but there is a new virus called something
> Sysreg. Look in system32 folder, if there is a file called
> Sysreg.exe file, then you ar eprobably infected. As I have
> seen, only norton and panda cn detect it. We are using trend
> and McAffee, but unfortunitly they say our system clean.
> Anyway, this tries to connect to someplaces on the internet.
> You may have sysreg.exe on your network. To clean it, read
> the related document at Symantec site.
>
>
> --------------------------------------------------------------------
> Rami SIK
>
> System & Network Administrator
> CCNA
>
> Kimyatas
> Istanbul / Turkey
>
> Tel:90-212-334 4963
> --------------------------------------------------------------------
>
>
> -----Original Message-----
> From: F.D. Sijbrandij [mailto:fokke@xxxxxxxxxxxxxx]
> Sent: Wednesday, May 28, 2003 1:42 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Virus or something???
>
> http://www.ISAserver.org
>
>
> Hi All,
>
> I need your help with a problem and I hope somebody is
> willing/able to help me. Since today I noticed a considerable
> drop in my internet connection speed. While investigating the
> problem I found that some program is trying to make
> a lot
> of TCP connections to a far smaller number of IP adresses
> somewhere in the US. The connection attempts are made over a
> wide range of portnumbers. My problem is that I cannot
> determine which program is making al these
> connection attempts.
> Netshield cannot detect any virus, neither have I found any
> spyware. An initual search through the directory structure of
> the server running isa
> didn't come up with any strange software.
> As far as I can tell all these request are initiated on the
> server running isa.
>
> I'm probably missing something very simple, butt can anyone
> tell me how i
> can find out which program is the source of all this?
>
> Thanks,
> Fokke Sijbrandij
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange > Server Resource
> Site: http://www.msexchange.org Windows Security Resource
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: rami@xxxxxxxxxxxxxxx To unsubscribe send a blank
> email to $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory:
> http://www.serverfiles.com No.1 Exchange > Server Resource
> Site: http://www.msexchange.org Windows Security Resource
> Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: m.hippenstiel@xxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
Other related posts:
