Attack to port 445 (microsoft-ds)

By ohsanche
There are two strange processes under Task Manager called "svapache.exe" or "crtl.exe", and what they are doing is heavy network scanning that makes the net slow down. The PCs don't have Sasser, Korgo or something like that, and my Norton is working with the last update. I had erased the files located in windows\prefetch and windows\system32 and all registry keys, but after a few hours it comes again.
Any help?

by mrafrohead In reply to Attack to port 445 (micro ...

If you have AV software I would highly recommend submitting those files. SOON

I can't find anything on them, and I would be inclined to think that you may have an infection.

I can very well be wrong, but I would rather err on the side of caution.

by ohsanche In reply to

Thank you in advance, Mrafrohead.
I sent these files to Symantec, and I still have not received any comment, so if anybody wants me to send these files in order to analyze them, or has any idea, I will really appreciate it, because, as Mrafrohead said, there is nothing about it anywhere.

Port 445

by Rickster06 In reply to

Have not found the reason for this but will. Could be MS but in watching logs, I see that the traffic is responding to multiple IP addresses?
I do not like this activity either. I have disabled port 445 until I can complete research to be on safe side. May sniff packets as well to see content! Any updates from anyone is appreciated.

Rick
Network Engineer

solution found

by ohsanche In reply to Attack to port 445 (micro ...

Symantec Submissions

by matite In reply to solution found

In November last year I had a similar problem.

NIS 2004 would not recognise two files I knew were up to no good. After submitting them to Symantec it took them about 1 week to reply.

They sent a new set of temporary definition files and an email saying that the files would be added to the next liveupdate.
