> I removed it, but it seems that something else is amiss,
> I still see lots of traffic from explorer.exe on the 1472 port.

Have you captured any of this traffic?

> The traffic is indeed coming from a system I have control of,
> I still have no dumps though. I can see nothing worrying apart
> from the aforementioned keylogger which has now been removed

Not even this other traffic you've mentioned?

> Lots of data is transferred from my computer to the outside world,
> pretty much all to addresses in the 35.xx.xx.xx range on the
> microsoft-ds port. Huge amount of short lived connections.
> I thought it looked like worm activity but I might be wrong.

Or you might not be. Again, have you captured any of the traffic?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
