McAfee/NAI: http://vil.nai.com/vil/content/v_100330.htm

> -----Original Message-----
> From: Rami SIK [mailto:rami@xxxxxxxxxxxxxxx]
> Sent: Wednesday, May 28, 2003 8:18 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Virus or something???
>
> http://www.ISAserver.org
>
> I am not sure, but there is a new virus called something Sysreg. Look
> in the system32 folder; if there is a file called Sysreg.exe, then you
> are probably infected. As I have seen, only Norton and Panda can
> detect it. We are using Trend and McAfee, but unfortunately they say
> our system is clean. Anyway, this tries to connect to some places on
> the internet. You may have sysreg.exe on your network. To clean it,
> read the related document at the Symantec site.
>
> --------------------------------------------------------------------
> Rami SIK
>
> System & Network Administrator
> CCNA
>
> Kimyatas
> Istanbul / Turkey
>
> Tel:90-212-334 4963
> --------------------------------------------------------------------
>
> -----Original Message-----
> From: F.D. Sijbrandij [mailto:fokke@xxxxxxxxxxxxxx]
> Sent: Wednesday, May 28, 2003 1:42 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Virus or something???
>
> http://www.ISAserver.org
>
> Hi All,
>
> I need your help with a problem and I hope somebody is willing/able to
> help me. Since today I noticed a considerable drop in my internet
> connection speed. While investigating the problem I found that some
> program is trying to make a lot of TCP connections to a far smaller
> number of IP addresses somewhere in the US. The connection attempts
> are made over a wide range of port numbers. My problem is that I
> cannot determine which program is making all these connection
> attempts. Netshield cannot detect any virus, neither have I found any
> spyware. An initial search through the directory structure of the
> server running ISA didn't come up with any strange software.
> As far as I can tell all these requests are initiated on the server
> running ISA.
>
> I'm probably missing something very simple, but can anyone tell me how
> I can find out which program is the source of all this?
>
> Thanks,
> Fokke Sijbrandij
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List
> as: rami@xxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List
> as: m.hippenstiel@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
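
An added example, not part of the original thread: one way to answer the question of which program is making the connection attempts is to group outbound attempts by owning process ID. It assumes a Windows host whose netstat supports the -o (owning PID) column, so that `netstat -ano` output can be saved and parsed; the sample rows, addresses and PIDs are constructed, and the function names and the `min_ports` threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano` output
# (documentation-range addresses and made-up PIDs, not data from the thread).
SAMPLE = """\
  Proto  Local Address      Foreign Address     State         PID
  TCP    0.0.0.0:80         0.0.0.0:0           LISTENING     4
  TCP    10.0.0.5:1101      192.0.2.10:1025     SYN_SENT      1372
  TCP    10.0.0.5:1102      192.0.2.10:1433     SYN_SENT      1372
  TCP    10.0.0.5:1103      192.0.2.10:3127     SYN_SENT      1372
  TCP    10.0.0.5:1104      192.0.2.10:6129     SYN_SENT      1372
  TCP    10.0.0.5:1105      198.51.100.7:135    SYN_SENT      1372
  TCP    10.0.0.5:1106      198.51.100.7:445    SYN_SENT      1372
  TCP    10.0.0.5:1107      198.51.100.7:8080   SYN_SENT      1372
  TCP    10.0.0.5:1200      203.0.113.5:443     ESTABLISHED   2208
  TCP    10.0.0.5:1201      203.0.113.5:80      SYN_SENT      2208
  UDP    0.0.0.0:53         *:*                               908
"""

# Captures: remote address, remote port, state, owning PID (TCP rows only)
ROW = re.compile(r"^\s*TCP\s+\S+:\d+\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def syn_sent_by_pid(text):
    """Collect outbound connection attempts (state SYN_SENT) per owning PID."""
    stats = defaultdict(lambda: {"ips": set(), "ports": set(), "attempts": 0})
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(3) != "SYN_SENT":
            continue  # skip header, UDP, listeners and established sessions
        entry = stats[int(m.group(4))]
        entry["ips"].add(m.group(1))
        entry["ports"].add(int(m.group(2)))
        entry["attempts"] += 1
    return stats

def suspects(text, min_ports=5):
    """PIDs trying many distinct remote ports on fewer remote addresses."""
    hits = []
    for pid, e in syn_sent_by_pid(text).items():
        if len(e["ports"]) >= min_ports and len(e["ports"]) > len(e["ips"]):
            hits.append((pid, e["attempts"], len(e["ips"]), len(e["ports"])))
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for pid, attempts, ips, ports in suspects(SAMPLE):
        print(f"PID {pid}: {attempts} attempts, {ips} remote IPs, {ports} ports")
```

On systems that ship tasklist, a reported PID can then be resolved to an image name with `tasklist /FI "PID eq <pid>"`.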