how to identify a worm attack?

By kawarimi ·
I have a Windows XP on a P4 2.6 with 256Mb RAM, but the performance is not good. I have scanned it with most of the anti-spyware programs, and the network connection runs well for the first few kb of packets, then it goes seriously slow until no network resource can be accessed; same for the internet connection.
I have disabled all the firewalls, so is this a worm's doing? How do I get rid of it? Thank you.

Not necessarily a worm

by _Christian_ In reply to how to identify a worm at ...

First, a good firewall is what will let you figure out if you have a worm.
Forget XP's built-in "Firewall", it is almost useless (easy to demonstrate).

Now, if you have an alternative firewall, you MUST deactivate the built-in firewall first. You CANNOT run 2 firewalls on the same machine and expect that either will work correctly.

Which firewall you run is also important.
During my evaluations, I found 1 product which had a severe case of memory leak.

There was also a major issue with memory leaks in older versions of various Visual xxx programming languages.

So, some programs could also generate memory leaks.

What happens in sequence is that more and more memory blocks get allocated but never released; eventually Windows says that it ran out of virtual memory and wants more (regardless of the amount of physical memory you started with).
The amount of virtual memory keeps increasing until it reaches the limit assigned, all the time slowing down the system further while increasing hard drive activity.
Eventually the calls for memory exceed the maximum for virtual memory, and the system freezes.

The firewall I found guilty of this locked my system in 4 hours, even after I experimentally multiplied by 5 the existing Virtual memory settings (which are sufficient with anything else).

When the system slows down, everything slows down proportionally, so that looks very much like your symptoms.

If this is the case, you need to locate which software caused it.

Start uninstalling one at a time, starting with the most recent install and going backwards, checking after each uninstall, until you find the culprit.

If your firewall software has a name matching this pattern: Sxxxxxxxxxx Pxxxxxxx Firewall (I will NOT name it explicitly), then you can bet good money that this is it. And start the process with it.
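
An added example, not part of the original reply: the leak pattern described above (memory that is allocated and never released) can be spotted by sampling per-process memory at intervals and flagging the process that only ever grows. The process names, sample values, thresholds and the 768 MB limit are constructed for illustration.

```python
# Constructed samples: (minutes since boot, {process name: committed memory in MB}).
# Names and numbers are made up; real values would come from Task Manager or
# Performance Monitor readings noted at regular intervals.
SAMPLES = [
    (0,   {"explorer.exe": 18, "fwsvc.exe": 12,  "iexplore.exe": 30}),
    (30,  {"explorer.exe": 19, "fwsvc.exe": 55,  "iexplore.exe": 42}),
    (60,  {"explorer.exe": 18, "fwsvc.exe": 101, "iexplore.exe": 35}),
    (90,  {"explorer.exe": 20, "fwsvc.exe": 148, "iexplore.exe": 48}),
    (120, {"explorer.exe": 19, "fwsvc.exe": 190, "iexplore.exe": 33}),
]

def leak_suspects(samples, min_rising=0.9, min_growth_mb=50.0):
    """Return [(name, MB per hour)] for processes whose memory keeps climbing."""
    series = {}
    for minute, procs in samples:
        for name, mb in procs.items():
            series.setdefault(name, []).append((minute, mb))
    suspects = []
    for name, points in series.items():
        if len(points) < 3:
            continue  # too few samples to call it a trend
        steps = list(zip(points, points[1:]))
        # Fraction of intervals in which usage went up: a leak almost never
        # gives memory back, normal programs rise and fall.
        rising = sum(1 for (_, a), (_, b) in steps if b > a) / len(steps)
        growth = points[-1][1] - points[0][1]
        hours = (points[-1][0] - points[0][0]) / 60.0
        if hours > 0 and rising >= min_rising and growth >= min_growth_mb:
            suspects.append((name, round(growth / hours, 1)))
    return sorted(suspects, key=lambda s: s[1], reverse=True)

def hours_until_limit(limit_mb, current_mb, rate_mb_per_hour):
    """Rough time left before the process alone reaches the virtual memory limit."""
    if rate_mb_per_hour <= 0:
        return None
    return round((limit_mb - current_mb) / rate_mb_per_hour, 1)

if __name__ == "__main__":
    for name, rate in leak_suspects(SAMPLES):
        left = hours_until_limit(768, SAMPLES[-1][1][name], rate)
        print(f"{name}: +{rate} MB/hour, about {left} hours to a 768 MB limit")
```

A process that rises and falls (the browser in the sample data) is not flagged; only steady one-way growth is.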

Performance

by Black Panther In reply to how to identify a worm at ...

Check how much disk space is available also.
How many programs (icons) are running on the taskbar?

Check the startup to see how many programs are running.

Run 'msconfig' and check the startup and services box to see

or start > programs > accessories > system tools > system information to check running tasks (under software).

In IE, clear all temporary internet files, cookies and history.

worm_blueworm.c

by kawarimi In reply to how to identify a worm at ...

Thanks for the ideas, they were helpful. Today I installed another AV (Trend Micro's); it detected "worm_blueworm.C" in my XP system restore folder, but I couldn't find any files in there with the "show all hidden files" option enabled.
