On 12/2/10 5:11 PM, Michael Madigan wrote: >> From one computer I have is sending out packets to 138.1.1.99 and >> 138.1.1.101. on port 137 It will try it 3 times every 2 minutes. > > I have shut off that port on the router, but I've run Combofix. AVG, and > Malwarebytes on the system and can't find what is doing it. > > The IPs link to Oracle Corp in Chicago. > > When I do a netstat -ano , the only program I get that is transmitting is > system. > > Anyone have any ideas?
Look through running services; shut down (at least temporarily) all possible services to see if one of them was the culprit. Kill Windows Explorer from the task manager right before the 2 minute mark to see if something there was the culprit. When you netstat -ano, is it for the port 137? You may need to write a script to continually call "netstat -ano | grep 137" (or whatever the Windows equivalent of grep is) until you find the actual process attempting the connection. Paul _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
