Attack to port 445 (microsoft-ds)

By ohsanche
There are two strange processes under Task Manager called "svapache.exe" or "crtl.exe", and what they are doing is heavy network scanning that makes the net slow down. The PCs don't have Sasser, Korgo or something like that, and my Norton is working with the last update. I had erased the files located in windows\prefetch and windows\system32 and all registry keys, but after a few hours it comes again.
Any help?

by mrafrohead In reply to Attack to port 445 (micro ...

If you have AV software I would highly recommend submitting those files. SOON

I can't find anything on them, and I would be inclined to think that you may have an infection.

I can very well be wrong, but I would rather err on the side of caution.

by ohsanche In reply to

Thank you in advance, Mrafrohead.
I sent these files to Symantec, and I still have not received any comment, so if anybody wants me to send these files in order to analyze them, or has any idea, I will really appreciate it, because as Mrafrohead has said, there is nothing about it anywhere.

Port 445

by Rickster06 In reply to

Have not found the reason for this but will. Could be MS but in watching logs, I see that the traffic is responding to multiple IP addresses?
I do not like this activity either. I have disabled port 445 until I can complete research to be on safe side. May sniff packets as well to see content! Any updates from anyone is appreciated.

Rick
Network Engineer
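
A way to check for the pattern described in this thread (one host making port 445 connections to many different addresses), as an added example that is not part of the original posts: it flags sources that reach a threshold of distinct destinations on TCP 445 inside a sliding time window. The log layout (time, source, destination, destination port), the threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed, time-ordered log lines using documentation address ranges."""
    lines = ["# time src dst dport", "garbage line"]
    # Normal client: the same file server again and again.
    lines += [f"2005-01-10T09:00:{s:02d} 192.0.2.10 192.0.2.20 445" for s in range(0, 50, 10)]
    # Scanning host: 8 different destinations in 8 seconds.
    lines += [f"2005-01-10T09:01:{s:02d} 192.0.2.33 198.51.100.{s + 1} 445" for s in range(8)]
    # Slow talker: 6 different destinations, two minutes apart.
    lines += [f"2005-01-10T09:{m:02d}:00 192.0.2.44 203.0.113.{m} 445" for m in range(10, 22, 2)]
    # Traffic to another port is ignored by the check.
    lines += [f"2005-01-10T09:30:{s:02d} 192.0.2.33 198.51.100.{s + 1} 80" for s in range(8)]
    return lines

def parse(line):
    """Split one log line; raises ValueError on a malformed line."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)

def find_445_scanners(lines, window=timedelta(seconds=60), threshold=5, port=445):
    """Return {src: peak distinct destinations on `port` within `window`}
    for sources whose peak reaches `threshold`. Input must be time-ordered."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside the window
    peak = defaultdict(int)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, src, dst, dport = parse(line)
        except ValueError:
            continue  # skip lines that do not match the assumed layout
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for src, n in find_445_scanners(build_sample()).items():
        print(f"{src}: {n} distinct destinations on port 445 within 60s")
```

A host that talks to one file server repeatedly, or to several servers spread over a long period, stays under the threshold; widening the window trades fewer missed slow scans for more false positives.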

solution found

by ohsanche In reply to Attack to port 445 (micro ...

After sending the files, Trend classified the new virus.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FRBOT%2EALF&VSect=P

Thanks to the guys from Trend.

Symantec Submissions

by matite In reply to solution found

In November last year I had a similar problem.

NIS 2004 would not recognise two files I knew were up to no good. After submitting them to Symantec it took them about 1 week to reply.

They sent a new set of temporary definition files and an email saying that the files would be added to the next liveupdate.
