Found a utility called Dtaskmanager.
It shows all processes associated with ports (very nice utility).
Using it, found the culprit:
it was a Lexmark application looking for printers, starting with IP 0.x.x.x and scanning up.
It was using a fixed 32k outbound bandwidth.
Stopped the services.
Problem resolved.
Thanks to all



----- Original Message ----- From: "SJ.Stanaitis" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, January 28, 2008 8:52 PM
Subject: RE: [Declude.JunkMail] OT: Virus pb


Sounds like a rootkit maybe, try rootkitreveal.  Also try scanning the
drives externally from a clean system.

--SJ

SJ.Stanaitis - Network Administrator
Decorative Product Source, Inc

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Serge
Sent: Monday, January 28, 2008 3:00 PM
To: [email protected]
Subject: [Declude.JunkMail] OT: Virus pb

Hi all

I have an infected w2k server sending traffic to random IP. Local port is
1044 and remote port 161 (snmp). All the AV I tried found nothing. Is there an
easy way to find what application/process is generating this traffic?
(Tried fport, didn't help.) Does anyone have an idea about what this
application/virus might be?

TIA and Regards




---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.



