SVChost.exe is making my life miserable!

Vijay

Apr 22, 2004
Archived from groups: microsoft.public.win2000.security (More info?)

Hello all! I have a Windows 2000 Professional machine with a dialup internet
connection. Everything is fine when I am not connected to the net. Once I
connect, SVCHost.exe starts making lots of TCP connections to god knows
where. After some time, the number of connections goes into the hundreds and
my machine literally starts to crawl. Links on web pages don't work. Copy
and paste does not work. RPC Processes crashes after Windows reports that
scvhost.exe has done some illegal operation! Disconnect dialup does not
work - finally I'm so cheesed off that I have to press the reset button!

I have Norton Antivirus running and it quarantined explorer.exe infected
with Trojan.VirtualRoot.
I'm also running Lavasoft Adaware.

Can anyone tell me what's going on inside my box?

HELP ME PLEASE!

Vijay

Here are the dumps for NETSTAT -

Have a look at the dump of netstat before connecting to the net


Active Connections

Proto Local Address Foreign Address State
TCP vijay:http vijay:0 LISTENING
TCP vijay:epmap vijay:0 LISTENING
TCP vijay:https vijay:0 LISTENING
TCP vijay:microsoft-ds vijay:0 LISTENING
TCP vijay:1025 vijay:0 LISTENING
TCP vijay:1027 vijay:0 LISTENING
TCP vijay:1030 vijay:0 LISTENING
TCP vijay:1291 vijay:0 LISTENING
TCP vijay:7160 vijay:0 LISTENING
TCP vijay:7893 vijay:0 LISTENING
UDP vijay:epmap *:*
UDP vijay:microsoft-ds *:*
UDP vijay:1026 *:*
UDP vijay:3456 *:*

Now have a look at what happens after some time (holy cow u'll need lotsa
patience here)

Active Connections

Proto Local Address Foreign Address State
TCP vijay:http vijay:0 LISTENING
TCP vijay:https vijay:0 LISTENING
TCP vijay:microsoft-ds vijay:0 LISTENING
TCP vijay:1025 vijay:0 LISTENING
TCP vijay:1027 vijay:0 LISTENING
TCP vijay:1032 vijay:0 LISTENING
TCP vijay:1117 vijay:0 LISTENING
TCP vijay:1762 vijay:0 LISTENING
TCP vijay:2093 vijay:0 LISTENING
TCP vijay:2119 vijay:0 LISTENING
TCP vijay:2378 vijay:0 LISTENING
TCP vijay:2398 vijay:0 LISTENING
TCP vijay:2434 vijay:0 LISTENING
TCP vijay:2502 vijay:0 LISTENING
TCP vijay:2576 vijay:0 LISTENING
TCP vijay:2577 vijay:0 LISTENING
TCP vijay:2578 vijay:0 LISTENING
TCP vijay:2579 vijay:0 LISTENING
TCP vijay:2580 vijay:0 LISTENING
TCP vijay:2581 vijay:0 LISTENING
TCP vijay:2582 vijay:0 LISTENING
TCP vijay:2583 vijay:0 LISTENING
TCP vijay:2584 vijay:0 LISTENING
TCP vijay:2585 vijay:0 LISTENING
TCP vijay:2586 vijay:0 LISTENING
TCP vijay:2587 vijay:0 LISTENING
TCP vijay:2588 vijay:0 LISTENING
TCP vijay:2589 vijay:0 LISTENING
TCP vijay:2590 vijay:0 LISTENING
TCP vijay:2591 vijay:0 LISTENING
TCP vijay:2592 vijay:0 LISTENING
TCP vijay:2593 vijay:0 LISTENING
TCP vijay:2594 vijay:0 LISTENING
TCP vijay:2595 vijay:0 LISTENING
TCP vijay:2596 vijay:0 LISTENING
TCP vijay:2597 vijay:0 LISTENING
TCP vijay:2598 vijay:0 LISTENING
TCP vijay:2599 vijay:0 LISTENING
TCP vijay:2600 vijay:0 LISTENING
TCP vijay:2602 vijay:0 LISTENING
TCP vijay:2603 vijay:0 LISTENING
TCP vijay:2604 vijay:0 LISTENING
TCP vijay:2605 vijay:0 LISTENING
TCP vijay:2606 vijay:0 LISTENING
TCP vijay:2607 vijay:0 LISTENING
TCP vijay:2608 vijay:0 LISTENING
TCP vijay:2609 vijay:0 LISTENING
TCP vijay:2610 vijay:0 LISTENING
TCP vijay:2611 vijay:0 LISTENING
TCP vijay:2612 vijay:0 LISTENING
TCP vijay:2613 vijay:0 LISTENING
TCP vijay:2614 vijay:0 LISTENING
TCP vijay:2615 vijay:0 LISTENING
TCP vijay:2616 vijay:0 LISTENING
TCP vijay:2617 vijay:0 LISTENING
TCP vijay:2618 vijay:0 LISTENING
TCP vijay:2619 vijay:0 LISTENING
TCP vijay:2620 vijay:0 LISTENING
TCP vijay:2621 vijay:0 LISTENING
TCP vijay:2622 vijay:0 LISTENING
TCP vijay:2623 vijay:0 LISTENING
TCP vijay:2624 vijay:0 LISTENING
TCP vijay:2625 vijay:0 LISTENING
TCP vijay:2626 vijay:0 LISTENING
TCP vijay:2627 vijay:0 LISTENING
TCP vijay:2628 vijay:0 LISTENING
TCP vijay:2629 vijay:0 LISTENING
TCP vijay:2630 vijay:0 LISTENING
TCP vijay:2631 vijay:0 LISTENING
TCP vijay:2766 vijay:0 LISTENING
TCP vijay:2953 vijay:0 LISTENING
TCP vijay:3026 vijay:0 LISTENING
TCP vijay:3718 vijay:0 LISTENING
TCP vijay:4962 vijay:0 LISTENING
TCP vijay:1117 12-216-252-134.client.mchsi.com:6667 ESTABLISHED
TCP vijay:1126 61.2.227.132:epmap TIME_WAIT
TCP vijay:1131 61.2.227.137:epmap TIME_WAIT
TCP vijay:1138 61.2.227.132:epmap TIME_WAIT
TCP vijay:1140 61.2.227.137:epmap TIME_WAIT
TCP vijay:1169 61.2.227.132:epmap TIME_WAIT
TCP vijay:1183 61.2.227.186:epmap TIME_WAIT
TCP vijay:1216 61.2.227.186:epmap TIME_WAIT
TCP vijay:1355 61.2.227.137:epmap TIME_WAIT
TCP vijay:1375 61.2.227.186:epmap TIME_WAIT
TCP vijay:1398 61.2.228.140:epmap TIME_WAIT
TCP vijay:1406 61.2.228.148:epmap TIME_WAIT
TCP vijay:1410 61.2.228.140:epmap TIME_WAIT
TCP vijay:1432 61.2.228.148:epmap TIME_WAIT
TCP vijay:1439 61.2.228.179:epmap TIME_WAIT
TCP vijay:1448 61.2.228.179:epmap TIME_WAIT
TCP vijay:1457 61.2.228.196:epmap TIME_WAIT
TCP vijay:1466 61.2.228.196:epmap TIME_WAIT
TCP vijay:1479 61.2.228.217:epmap TIME_WAIT
TCP vijay:1497 61.2.228.217:epmap TIME_WAIT
TCP vijay:1500 61.2.228.237:epmap TIME_WAIT
TCP vijay:1502 61.2.228.239:epmap TIME_WAIT
TCP vijay:1509 61.2.228.237:epmap TIME_WAIT
TCP vijay:1513 61.2.228.248:epmap TIME_WAIT
TCP vijay:1518 61.2.228.248:epmap TIME_WAIT
TCP vijay:1526 61.2.228.217:epmap TIME_WAIT
TCP vijay:1528 61.2.229.4:epmap TIME_WAIT
TCP vijay:1540 61.2.229.4:epmap TIME_WAIT
TCP vijay:1547 61.2.228.237:epmap TIME_WAIT
TCP vijay:1548 61.2.229.21:epmap TIME_WAIT
TCP vijay:1552 61.2.229.25:epmap TIME_WAIT
TCP vijay:1559 61.2.229.21:epmap TIME_WAIT
TCP vijay:1571 61.2.229.25:epmap TIME_WAIT
TCP vijay:1573 61.2.229.41:epmap TIME_WAIT
TCP vijay:1580 61.2.229.4:epmap TIME_WAIT
TCP vijay:1586 61.2.229.53:epmap TIME_WAIT
TCP vijay:1590 61.2.229.41:epmap TIME_WAIT
TCP vijay:1605 61.2.229.53:epmap TIME_WAIT
TCP vijay:1612 61.2.229.21:epmap TIME_WAIT
TCP vijay:1635 61.2.229.53:epmap TIME_WAIT
TCP vijay:1636 61.2.229.41:epmap TIME_WAIT
TCP vijay:1762 61.2.167.88:epmap ESTABLISHED
TCP vijay:2040 61.2.215.136:epmap TIME_WAIT
TCP vijay:2093 61.2.228.239:epmap ESTABLISHED
TCP vijay:2119 203.199.83.131:http ESTABLISHED
TCP vijay:2132 61.2.216.17:epmap TIME_WAIT
TCP vijay:2138 61.2.216.17:epmap TIME_WAIT
TCP vijay:2190 61.2.216.74:epmap TIME_WAIT
TCP vijay:2201 61.2.216.74:epmap TIME_WAIT
TCP vijay:2315 61.2.232.1:epmap TIME_WAIT
TCP vijay:2318 61.2.232.4:epmap TIME_WAIT
TCP vijay:2326 61.2.232.1:epmap TIME_WAIT
TCP vijay:2327 61.2.232.4:epmap TIME_WAIT
TCP vijay:2334 61.2.232.18:epmap TIME_WAIT
TCP vijay:2335 61.2.232.19:epmap TIME_WAIT
TCP vijay:2343 61.2.232.19:epmap TIME_WAIT
TCP vijay:2347 61.2.232.18:epmap TIME_WAIT
TCP vijay:2351 61.2.232.33:epmap TIME_WAIT
TCP vijay:2355 61.2.232.37:epmap TIME_WAIT
TCP vijay:2357 61.2.232.39:epmap TIME_WAIT
TCP vijay:2360 61.2.232.42:epmap TIME_WAIT
TCP vijay:2361 61.2.232.4:epmap TIME_WAIT
TCP vijay:2362 61.2.232.33:epmap TIME_WAIT
TCP vijay:2363 61.2.232.37:epmap TIME_WAIT
TCP vijay:2365 61.2.232.44:epmap TIME_WAIT
TCP vijay:2372 61.2.232.42:epmap TIME_WAIT
TCP vijay:2374 61.2.232.52:epmap TIME_WAIT
TCP vijay:2378 61.2.232.39:epmap FIN_WAIT_1
TCP vijay:2381 61.2.232.44:epmap TIME_WAIT
TCP vijay:2389 61.2.232.65:epmap TIME_WAIT
TCP vijay:2395 61.2.232.71:epmap TIME_WAIT
TCP vijay:2396 61.2.232.72:epmap TIME_WAIT
TCP vijay:2398 61.2.216.203:epmap ESTABLISHED
TCP vijay:2399 61.2.232.73:epmap TIME_WAIT
TCP vijay:2400 61.2.232.37:epmap TIME_WAIT
TCP vijay:2401 61.2.232.65:epmap TIME_WAIT
TCP vijay:2405 61.2.232.77:epmap TIME_WAIT
TCP vijay:2409 61.2.232.71:epmap TIME_WAIT
TCP vijay:2410 61.2.232.52:epmap TIME_WAIT
TCP vijay:2414 61.2.232.84:epmap TIME_WAIT
TCP vijay:2418 61.2.232.73:epmap TIME_WAIT
TCP vijay:2422 61.2.232.77:epmap TIME_WAIT
TCP vijay:2424 61.2.232.72:epmap TIME_WAIT
TCP vijay:2426 61.2.232.93:epmap TIME_WAIT
TCP vijay:2431 61.2.232.84:epmap TIME_WAIT
TCP vijay:2432 61.2.232.98:epmap TIME_WAIT
TCP vijay:2434 61.2.79.171:epmap ESTABLISHED
TCP vijay:2438 61.2.232.103:epmap TIME_WAIT
TCP vijay:2446 61.2.232.93:epmap TIME_WAIT
TCP vijay:2451 61.2.232.116:epmap TIME_WAIT
TCP vijay:2453 61.2.232.117:epmap TIME_WAIT
TCP vijay:2457 61.2.232.103:epmap TIME_WAIT
TCP vijay:2462 61.2.232.98:epmap TIME_WAIT
TCP vijay:2467 61.2.232.117:epmap TIME_WAIT
TCP vijay:2468 61.2.232.116:epmap TIME_WAIT
TCP vijay:2472 61.2.232.73:epmap TIME_WAIT
TCP vijay:2487 61.2.232.52:epmap TIME_WAIT
TCP vijay:2502 61.2.232.39:epmap SYN_SENT
TCP vijay:2576 61.2.232.233:epmap SYN_SENT
TCP vijay:2577 61.2.232.234:epmap SYN_SENT
TCP vijay:2578 61.2.232.235:epmap SYN_SENT
TCP vijay:2579 61.2.232.236:epmap SYN_SENT
TCP vijay:2580 61.2.232.237:epmap SYN_SENT
TCP vijay:2581 61.2.232.238:epmap SYN_SENT
TCP vijay:2582 61.2.232.239:epmap SYN_SENT
TCP vijay:2583 61.2.232.240:epmap SYN_SENT
TCP vijay:2584 61.2.232.241:epmap SYN_SENT
TCP vijay:2585 61.2.232.242:epmap SYN_SENT
TCP vijay:2586 61.2.232.243:epmap SYN_SENT
TCP vijay:2587 61.2.232.244:epmap SYN_SENT
TCP vijay:2588 61.2.232.245:epmap SYN_SENT
TCP vijay:2589 61.2.232.246:epmap SYN_SENT
TCP vijay:2590 61.2.232.247:epmap SYN_SENT
TCP vijay:2591 61.2.232.248:epmap SYN_SENT
TCP vijay:2592 61.2.232.249:epmap SYN_SENT
TCP vijay:2593 61.2.232.250:epmap SYN_SENT
TCP vijay:2594 61.2.232.251:epmap SYN_SENT
TCP vijay:2595 61.2.232.252:epmap SYN_SENT
TCP vijay:2596 61.2.232.253:epmap SYN_SENT
TCP vijay:2597 61.2.232.254:epmap SYN_SENT
TCP vijay:2598 61.2.232.255:epmap SYN_SENT
TCP vijay:2599 61.2.233.0:epmap SYN_SENT
TCP vijay:2600 61.2.233.1:epmap SYN_SENT
TCP vijay:2601 61.2.233.2:epmap TIME_WAIT
TCP vijay:2602 61.2.233.3:epmap SYN_SENT
TCP vijay:2603 61.2.233.4:epmap SYN_SENT
TCP vijay:2604 61.2.233.5:epmap SYN_SENT
TCP vijay:2605 61.2.233.6:epmap SYN_SENT
TCP vijay:2606 61.2.233.7:epmap SYN_SENT
TCP vijay:2607 61.2.233.8:epmap SYN_SENT
TCP vijay:2608 61.2.233.9:epmap SYN_SENT
TCP vijay:2609 61.2.233.10:epmap SYN_SENT
TCP vijay:2610 61.2.233.2:epmap ESTABLISHED
TCP vijay:2611 61.2.233.11:epmap FIN_WAIT_1
TCP vijay:2612 61.2.233.12:epmap SYN_SENT
TCP vijay:2613 61.2.233.13:epmap SYN_SENT
TCP vijay:2614 61.2.233.14:epmap SYN_SENT
TCP vijay:2615 61.2.233.15:epmap SYN_SENT
TCP vijay:2616 61.2.233.16:epmap SYN_SENT
TCP vijay:2617 61.2.233.17:epmap SYN_SENT
TCP vijay:2618 61.2.233.18:epmap SYN_SENT
TCP vijay:2619 61.2.233.19:epmap SYN_SENT
TCP vijay:2620 61.2.233.20:epmap SYN_SENT
TCP vijay:2621 61.2.233.21:epmap SYN_SENT
TCP vijay:2622 61.2.233.11:epmap SYN_SENT
TCP vijay:2623 61.2.233.22:epmap SYN_SENT
TCP vijay:2624 61.2.233.23:epmap SYN_SENT
TCP vijay:2625 61.2.233.24:epmap SYN_SENT
TCP vijay:2626 61.2.233.25:epmap SYN_SENT
TCP vijay:2627 61.2.233.26:epmap SYN_SENT
TCP vijay:2628 61.2.233.27:epmap SYN_SENT
TCP vijay:2629 61.2.233.28:epmap SYN_SENT
TCP vijay:2630 61.2.233.29:epmap SYN_SENT
TCP vijay:2631 61.2.233.30:epmap SYN_SENT
TCP vijay:2766 61.2.66.16:epmap ESTABLISHED
TCP vijay:2953 61.2.164.219:epmap ESTABLISHED
TCP vijay:3026 61.2.79.110:epmap ESTABLISHED
TCP vijay:3096 207.44.242.54:pop3 TIME_WAIT
TCP vijay:3294 207.44.242.54:pop3 TIME_WAIT
TCP vijay:3425 61.2.221.16:epmap TIME_WAIT
TCP vijay:3432 61.2.221.16:epmap TIME_WAIT
TCP vijay:3551 61.2.221.141:epmap TIME_WAIT
TCP vijay:3557 61.2.221.141:epmap TIME_WAIT
TCP vijay:3559 61.2.221.148:epmap TIME_WAIT
TCP vijay:3577 61.2.221.148:epmap TIME_WAIT
TCP vijay:3688 61.2.222.20:epmap TIME_WAIT
TCP vijay:3700 61.2.222.20:epmap TIME_WAIT
TCP vijay:3718 61.2.69.120:epmap ESTABLISHED
TCP vijay:3747 61.2.222.20:epmap TIME_WAIT
TCP vijay:3770 61.2.222.95:epmap TIME_WAIT
TCP vijay:3771 61.2.222.96:epmap TIME_WAIT
TCP vijay:3787 61.2.222.95:epmap TIME_WAIT
TCP vijay:3788 61.2.222.96:epmap TIME_WAIT
TCP vijay:4962 61.2.178.162:epmap ESTABLISHED
UDP vijay:tftp *:*
UDP vijay:microsoft-ds *:*
UDP vijay:1026 *:*
UDP vijay:3456 *:*
UDP vijay:3663 *:*
 

Dave

Jun 25, 2003

you are still infected and your machine is trying to spread the infection
with all those connections. thank god you are on a dialup and it crashes
your machine. update your virus definitions, get the latest adaware and
spybot s&d, scan with everything you can find. oh, and remember that some
viruses disable virus scanners, so you may want to boot in safe mode or
manually kill suspect processes before trying to get updates and do scans.

oh, and while you are at it put in a dummy name for posting on here, you
will be receiving more virus laden email by posting with a real email
address.

"Vijay" <vijaynats@yahoo.com> wrote in message
news:u5ADEA7WEHA.212@TK2MSFTNGP12.phx.gbl...
> Hello all! I have a Windows 2000 Professional machine with a dialup internet
> connection. Everything is fine when I am not connected to the net. Once I
> connect, SVCHost.exe starts making lots of TCP connections to god knows
> where. After some time, the number of connections goes into the hundreds and
> my machine literally starts to crawl. Links on web pages don't work. Copy
> and paste does not work. RPC Processes crashes after Windows reports that
> scvhost.exe has done some illegal operation! Disconnect dialup does not
> work - finally I'm so cheesed off that I have to press the reset button!
>
> I have Norton Antivirus running and it quarantined explorer.exe infected
> with Trojan.VirtualRoot.
> I'm also running Lavasoft Adaware.
>
> Can anyone tell me what's going on inside my box?
>
> HELP ME PLEASE!
>
> Vijay
>
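
Dave's reading of the posted netstat output rests on one pattern: many outbound TCP connections to the same remote port (epmap, TCP 135) across runs of consecutive addresses, mostly half-open. The following is an added example, not part of the thread, that parses netstat text in that layout (including a state wrapped onto its own line) and flags such fan-out; the sample rows are constructed from documentation address ranges, and the function names and thresholds are assumptions.

```python
import ipaddress
from collections import Counter

# Service names as Windows netstat prints them when run without -n.
SERVICE_PORTS = {"epmap": 135, "microsoft-ds": 445, "http": 80,
                 "https": 443, "pop3": 110, "tftp": 69}
STATES = {"LISTENING", "ESTABLISHED", "SYN_SENT", "SYN_RECEIVED", "TIME_WAIT",
          "FIN_WAIT_1", "FIN_WAIT_2", "CLOSE_WAIT", "CLOSING", "LAST_ACK"}


def build_sample():
    """Constructed netstat text (not the thread's data); IPv4 only."""
    lines = ["Active Connections", "",
             "  Proto  Local Address  Foreign Address  State",
             "  TCP    host1:epmap    host1:0               LISTENING",
             "  TCP    host1:1117     irc.example.net:6667",
             "ESTABLISHED",  # state wrapped onto its own line, as in the post
             "  TCP    host1:2119     203.0.113.80:http     ESTABLISHED",
             "  TCP    host1:3096     203.0.113.25:pop3     TIME_WAIT",
             "  TCP    host1:3294     203.0.113.25:pop3     TIME_WAIT"]
    for i in range(20):
        state = "TIME_WAIT" if i % 5 == 0 else "SYN_SENT"
        lines.append(f"  TCP    host1:{2576 + i}     198.51.100.{230 + i}:epmap  {state}")
    lines.append("  UDP    host1:tftp     *:*")
    return "\n".join(lines)


def split_endpoint(token):
    """Split 'host:port'; numeric and known service-name ports become ints."""
    host, _, port = token.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, SERVICE_PORTS.get(port, port)


def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have state None."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] in ("TCP", "UDP") and len(tok) >= 3:
            _, lport = split_endpoint(tok[1])
            rhost, rport = split_endpoint(tok[2])
            rows.append({"proto": tok[0], "lport": lport, "rhost": rhost,
                         "rport": rport,
                         "state": tok[3] if len(tok) > 3 else None})
        elif (len(tok) == 1 and tok[0] in STATES and rows
              and rows[-1]["proto"] == "TCP" and rows[-1]["state"] is None):
            rows[-1]["state"] = tok[0]  # re-attach a wrapped state
    return rows


def longest_sequential_run(hosts):
    """Length of the longest run of consecutive IPv4 addresses in hosts."""
    nums = set()
    for h in hosts:
        try:
            nums.add(int(ipaddress.IPv4Address(h)))
        except ipaddress.AddressValueError:
            continue  # resolved hostname or wildcard, not an address
    best = 0
    for n in nums:
        if n - 1 in nums:
            continue  # not the start of a run
        length = 1
        while n + length in nums:
            length += 1
        best = max(best, length)
    return best


def outbound_fanout(rows, min_hosts=10, min_run=5):
    """Group non-listening TCP rows by remote port and flag address sweeps.

    min_hosts and min_run are illustrative thresholds, not tuned values.
    """
    by_port = {}
    for r in rows:
        if r["proto"] != "TCP" or r["state"] in (None, "LISTENING"):
            continue
        e = by_port.setdefault(r["rport"], {"hosts": set(), "states": Counter()})
        e["hosts"].add(r["rhost"])
        e["states"][r["state"]] += 1
    report = {}
    for port, e in by_port.items():
        run = longest_sequential_run(e["hosts"])
        report[port] = {"distinct_hosts": len(e["hosts"]),
                        "syn_sent": e["states"]["SYN_SENT"],
                        "longest_run": run,
                        "sweep": len(e["hosts"]) >= min_hosts and run >= min_run}
    return report


if __name__ == "__main__":
    for port, info in sorted(outbound_fanout(parse_netstat(build_sample())).items(),
                             key=lambda kv: str(kv[0])):
        print(port, info)
```

Ordinary client traffic (the http and pop3 rows) yields one or two remote hosts per port and is not flagged; the epmap group is flagged because it reaches 20 distinct hosts in one unbroken address run.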
 
Guest

Good advice from Dave. Also patch your system with Windows Updates, and note
that some viruses need to be removed manually with special tools like the
Stinger tool. If a specific virus is found, I suggest searching for it by
name on Symantec's site and following their directions for proper removal of
the virus.

"Dave" <noone@nowhere.com> wrote in message
news:%23knjhN7WEHA.3596@tk2msftngp13.phx.gbl...
> you are still infected and your machine is trying to spread the infection
> with all those connections. thank god you are on a dialup and it crashes
> your machine. update your virus definitions, get the latest adaware and
> spybot s&d, scan with everything you can find. oh, and remember that some
> viruses disable virus scanners, so you may want to boot in safe mode or
> manually kill suspect processes before trying to get updates and do scans.
>
> oh, and while you are at it put in a dummy name for posting on here, you
> will be receiving more virus laden email by posting with a real email
> address.
> > TCP vijay:2401 61.2.232.65:epmap TIME_WAIT
> > TCP vijay:2405 61.2.232.77:epmap TIME_WAIT
> > TCP vijay:2409 61.2.232.71:epmap TIME_WAIT
> > TCP vijay:2410 61.2.232.52:epmap TIME_WAIT
> > TCP vijay:2414 61.2.232.84:epmap TIME_WAIT
> > TCP vijay:2418 61.2.232.73:epmap TIME_WAIT
> > TCP vijay:2422 61.2.232.77:epmap TIME_WAIT
> > TCP vijay:2424 61.2.232.72:epmap TIME_WAIT
> > TCP vijay:2426 61.2.232.93:epmap TIME_WAIT
> > TCP vijay:2431 61.2.232.84:epmap TIME_WAIT
> > TCP vijay:2432 61.2.232.98:epmap TIME_WAIT
> > TCP vijay:2434 61.2.79.171:epmap ESTABLISHED
> > TCP vijay:2438 61.2.232.103:epmap TIME_WAIT
> > TCP vijay:2446 61.2.232.93:epmap TIME_WAIT
> > TCP vijay:2451 61.2.232.116:epmap TIME_WAIT
> > TCP vijay:2453 61.2.232.117:epmap TIME_WAIT
> > TCP vijay:2457 61.2.232.103:epmap TIME_WAIT
> > TCP vijay:2462 61.2.232.98:epmap TIME_WAIT
> > TCP vijay:2467 61.2.232.117:epmap TIME_WAIT
> > TCP vijay:2468 61.2.232.116:epmap TIME_WAIT
> > TCP vijay:2472 61.2.232.73:epmap TIME_WAIT
> > TCP vijay:2487 61.2.232.52:epmap TIME_WAIT
> > TCP vijay:2502 61.2.232.39:epmap SYN_SENT
> > TCP vijay:2576 61.2.232.233:epmap SYN_SENT
> > TCP vijay:2577 61.2.232.234:epmap SYN_SENT
> > TCP vijay:2578 61.2.232.235:epmap SYN_SENT
> > TCP vijay:2579 61.2.232.236:epmap SYN_SENT
> > TCP vijay:2580 61.2.232.237:epmap SYN_SENT
> > TCP vijay:2581 61.2.232.238:epmap SYN_SENT
> > TCP vijay:2582 61.2.232.239:epmap SYN_SENT
> > TCP vijay:2583 61.2.232.240:epmap SYN_SENT
> > TCP vijay:2584 61.2.232.241:epmap SYN_SENT
> > TCP vijay:2585 61.2.232.242:epmap SYN_SENT
> > TCP vijay:2586 61.2.232.243:epmap SYN_SENT
> > TCP vijay:2587 61.2.232.244:epmap SYN_SENT
> > TCP vijay:2588 61.2.232.245:epmap SYN_SENT
> > TCP vijay:2589 61.2.232.246:epmap SYN_SENT
> > TCP vijay:2590 61.2.232.247:epmap SYN_SENT
> > TCP vijay:2591 61.2.232.248:epmap SYN_SENT
> > TCP vijay:2592 61.2.232.249:epmap SYN_SENT
> > TCP vijay:2593 61.2.232.250:epmap SYN_SENT
> > TCP vijay:2594 61.2.232.251:epmap SYN_SENT
> > TCP vijay:2595 61.2.232.252:epmap SYN_SENT
> > TCP vijay:2596 61.2.232.253:epmap SYN_SENT
> > TCP vijay:2597 61.2.232.254:epmap SYN_SENT
> > TCP vijay:2598 61.2.232.255:epmap SYN_SENT
> > TCP vijay:2599 61.2.233.0:epmap SYN_SENT
> > TCP vijay:2600 61.2.233.1:epmap SYN_SENT
> > TCP vijay:2601 61.2.233.2:epmap TIME_WAIT
> > TCP vijay:2602 61.2.233.3:epmap SYN_SENT
> > TCP vijay:2603 61.2.233.4:epmap SYN_SENT
> > TCP vijay:2604 61.2.233.5:epmap SYN_SENT
> > TCP vijay:2605 61.2.233.6:epmap SYN_SENT
> > TCP vijay:2606 61.2.233.7:epmap SYN_SENT
> > TCP vijay:2607 61.2.233.8:epmap SYN_SENT
> > TCP vijay:2608 61.2.233.9:epmap SYN_SENT
> > TCP vijay:2609 61.2.233.10:epmap SYN_SENT
> > TCP vijay:2610 61.2.233.2:epmap ESTABLISHED
> > TCP vijay:2611 61.2.233.11:epmap FIN_WAIT_1
> > TCP vijay:2612 61.2.233.12:epmap SYN_SENT
> > TCP vijay:2613 61.2.233.13:epmap SYN_SENT
> > TCP vijay:2614 61.2.233.14:epmap SYN_SENT
> > TCP vijay:2615 61.2.233.15:epmap SYN_SENT
> > TCP vijay:2616 61.2.233.16:epmap SYN_SENT
> > TCP vijay:2617 61.2.233.17:epmap SYN_SENT
> > TCP vijay:2618 61.2.233.18:epmap SYN_SENT
> > TCP vijay:2619 61.2.233.19:epmap SYN_SENT
> > TCP vijay:2620 61.2.233.20:epmap SYN_SENT
> > TCP vijay:2621 61.2.233.21:epmap SYN_SENT
> > TCP vijay:2622 61.2.233.11:epmap SYN_SENT
> > TCP vijay:2623 61.2.233.22:epmap SYN_SENT
> > TCP vijay:2624 61.2.233.23:epmap SYN_SENT
> > TCP vijay:2625 61.2.233.24:epmap SYN_SENT
> > TCP vijay:2626 61.2.233.25:epmap SYN_SENT
> > TCP vijay:2627 61.2.233.26:epmap SYN_SENT
> > TCP vijay:2628 61.2.233.27:epmap SYN_SENT
> > TCP vijay:2629 61.2.233.28:epmap SYN_SENT
> > TCP vijay:2630 61.2.233.29:epmap SYN_SENT
> > TCP vijay:2631 61.2.233.30:epmap SYN_SENT
> > TCP vijay:2766 61.2.66.16:epmap ESTABLISHED
> > TCP vijay:2953 61.2.164.219:epmap ESTABLISHED
> > TCP vijay:3026 61.2.79.110:epmap ESTABLISHED
> > TCP vijay:3096 207.44.242.54:pop3 TIME_WAIT
> > TCP vijay:3294 207.44.242.54:pop3 TIME_WAIT
> > TCP vijay:3425 61.2.221.16:epmap TIME_WAIT
> > TCP vijay:3432 61.2.221.16:epmap TIME_WAIT
> > TCP vijay:3551 61.2.221.141:epmap TIME_WAIT
> > TCP vijay:3557 61.2.221.141:epmap TIME_WAIT
> > TCP vijay:3559 61.2.221.148:epmap TIME_WAIT
> > TCP vijay:3577 61.2.221.148:epmap TIME_WAIT
> > TCP vijay:3688 61.2.222.20:epmap TIME_WAIT
> > TCP vijay:3700 61.2.222.20:epmap TIME_WAIT
> > TCP vijay:3718 61.2.69.120:epmap ESTABLISHED
> > TCP vijay:3747 61.2.222.20:epmap TIME_WAIT
> > TCP vijay:3770 61.2.222.95:epmap TIME_WAIT
> > TCP vijay:3771 61.2.222.96:epmap TIME_WAIT
> > TCP vijay:3787 61.2.222.95:epmap TIME_WAIT
> > TCP vijay:3788 61.2.222.96:epmap TIME_WAIT
> > TCP vijay:4962 61.2.178.162:epmap ESTABLISHED
> > UDP vijay:tftp *:*
> > UDP vijay:microsoft-ds *:*
> > UDP vijay:1026 *:*
> > UDP vijay:3456 *:*
> > UDP vijay:3663 *:*
> >
> >
> >
> >
> >
>
>
 

Vijay


I formatted the C drive on my machine and installed a few sw and
Norton AV. Then I configured the dialup...connected to the net...and
lo...things are back to square one!

Now how could this be? Is my ISP spreading the virus? And yes, there
are not one but many viruses (and trojans) doing the jig inside the
box!

I scanned the whole drive with NAV and it didn't report a single virus
(with latest V.defs)

What other tools are effective? Are there any good FREE firewalls out
there?

Thanks for your time guys.

Vijay.


"serverguy" <nospam@hatespam.com> wrote in message news:<eA9C5RfXEHA.1292@TK2MSFTNGP11.phx.gbl>...
> Good advice from Dave, also patch your system with Windows Updates and note
> that some viruses need to be removed manually with special tools like the
> Stinger tool. If a specific virus is found, I suggest searching for it by
> name on Symantec's site and follow their directions for proper removal of
> the virus.
>
 
Guest

There are plenty of free firewalls. Many people start at zonelabs.com and
get Zonealarm because it's easy to set up and configure.
If you want better protection, you'll need to spend some money on an
SPI-based firewall (that's Stateful Packet Inspection).

The procedure nowadays for us is to build a machine and apply all needed
security patches to it BEFORE connecting it to the internet. You would need
to download the patches from another protected machine and burn them to CD,
or order the free CD from MS. If you don't do this, a worm could easily hit
your box literally within seconds after you connect to the Internet.



"VIJAY" <vijaynats@yahoo.com> wrote in message news:5407b3d4.0407020000.85f6a3e@posting.google.com...
> I formatted the C drive on my machine and installed a few sw and
> Norton AV. Then I configured the dialup...connected to the net...and
> lo...things are back to square one!
>
> Now how could this be? Is my ISP spreading the virus? And yes, there
> are not one but many viruses (and trojans) doing the jig inside the
> box!
>
> I scanned the whole drive with NAV and it didn't report a single virus
> (with latest V.defs)
>
> What other tools are effective? Are there any good FREE firewalls out
> there?
>
> Thanks for your time guys.
>
> Vijay.
>
>
> "serverguy" <nospam@hatespam.com> wrote in message news:<eA9C5RfXEHA.1292@TK2MSFTNGP11.phx.gbl>...
> > Good advice from Dave, also patch your system with Windows Updates and note
> > that some viruses need to be removed manually with special tools like the
> > Stinger tool. If a specific virus is found, I suggest searching for it by
> > name on Symantec's site and follow their directions for proper removal of
> > the virus.
> >
 

Dave


It's not your ISP. There are probably thousands of infected machines out
there scanning random IP ranges looking for unprotected machines. DO NOT
connect a machine to the internet without a firewall, not even on dialup; it
will be scanned, probed, infected, and violated in other unthinkable ways
within minutes. Some of the infections are smart enough to turn off your
virus protection, stop msconfig, kill the task manager, automatically close
regedit, and just in case you stop the process they restart themselves.

"VIJAY" <vijaynats@yahoo.com> wrote in message news:5407b3d4.0407020000.85f6a3e@posting.google.com...
> I formatted the C drive on my machine and installed a few sw and
> Norton AV. Then I configured the dialup...connected to the net...and
> lo...things are back to square one!
>
> Now how could this be? Is my ISP spreading the virus? And yes, there
> are not one but many viruses (and trojans) doing the jig inside the
> box!
>
> I scanned the whole drive with NAV and it didn't report a single virus
> (with latest V.defs)
>
> What other tools are effective? Are there any good FREE firewalls out
> there?
>
> Thanks for your time guys.
>
> Vijay.
>
>
> "serverguy" <nospam@hatespam.com> wrote in message news:<eA9C5RfXEHA.1292@TK2MSFTNGP11.phx.gbl>...
> > Good advice from Dave, also patch your system with Windows Updates and note
> > that some viruses need to be removed manually with special tools like the
> > Stinger tool. If a specific virus is found, I suggest searching for it by
> > name on Symantec's site and follow their directions for proper removal of
> > the virus.
> >
 

Vijay


Thanks guys! I installed Windows updates and patches, and things are
peaceful now! But I must get a firewall installed.

hurray!
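
Dave's reply describes infected machines sweeping IP ranges, and the netstat output at the top of the thread shows the same pattern from the infected side: one remote port, many consecutive addresses, mostly SYN_SENT. The following is an added example, not part of any post in the thread, that flags this fan-out in captured `netstat` text; the sample rows are constructed with documentation addresses, and the function names and the 20-host threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the same column layout as the netstat output posted
# in this thread; all addresses are from documentation ranges.
SAMPLE = "\n".join(
    ["Proto Local Address Foreign Address State",
     "TCP host:1025 host:0 LISTENING",
     "TCP host:2119 203.0.113.10:http ESTABLISHED"]
    + [f"TCP host:{2500 + i} 198.51.100.{i}:epmap SYN_SENT" for i in range(1, 31)]
    + [f"TCP host:{2600 + i} 198.51.100.{i}:epmap TIME_WAIT" for i in range(40, 50)])

LINE = re.compile(r"^TCP\s+\S+:\S+\s+(\S+):(\S+)\s+([A-Z_0-9]+)$")

def parse(text):
    """Yield (remote_ip, remote_port, state) for TCP rows with a numeric peer."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) == "LISTENING":
            continue  # header, wrapped row, or local listener
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # peer shown as a resolved hostname; skipped here
        yield ip, m.group(2), m.group(3)

def longest_run(ips):
    """Length of the longest run of numerically consecutive addresses."""
    nums = sorted(int(ip) for ip in ips)
    best = run = 1 if nums else 0
    for a, b in zip(nums, nums[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best

def find_fanout(text, min_hosts=20):
    """Report remote ports contacted on at least min_hosts distinct addresses."""
    hosts, half_open = defaultdict(set), defaultdict(int)
    for ip, port, state in parse(text):
        hosts[port].add(ip)
        half_open[port] += state == "SYN_SENT"  # connection attempts still unanswered
    return {port: {"hosts": len(ips), "syn_sent": half_open[port],
                   "longest_run": longest_run(ips)}
            for port, ips in hosts.items() if len(ips) >= min_hosts}

if __name__ == "__main__":
    print(find_fanout(SAMPLE))
```

A single browser or mail connection never crosses the threshold; a long consecutive run combined with a high SYN_SENT count on one port is what separates a sweep from ordinary traffic.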