Posted by Duane Arnold on April 18, 2006, 4:21 pm
hairyharri wrote:
> For a few weeks my laptop has been very slow when surfing (Internet
> Explorer). I noticed high activity with my wireless interface and some
> activity on the PnP Internet connection. I then checked the web and
> found Ethereal Network protocol Analyzer, installed and ran it.
>
> What I saw in the logfiles was constant activity appearing to originate
> from the laptop, directed to the router (Sitecom WL-114) and back from
> the router to the laptop. The port numbers go up from about 1000 to
> <unknown>. It just goes on and on. After 2 hours online the port
> scanned is about 3900. It could be it has restarted from a certain
> value but I haven't seen that.
>
> I checked with Housecall from Trendmicro, Spybot S&D and AdAware with
> recent libraries, nothing was found.
>
> What could this be? A rootkit? How do I smoke it out? Anybody heard of
> something like this?
>
> If somebody knows how to read the capture files from Ethereal, please
> let me know and I'll send it to you. I scanned for about 2 megs of
> data.
>
> Hope somebody can help.
> Frank
>
The tools in the link, like Process Explorer, will help you pinpoint what
it is that's doing it. PE will let you look inside any running process
and let you see what is using the process or running with a process.
Long
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html
Short
http://tinyurl.com/klw1
There is also PRCview that will let you look at and inside a running
process.
Duane :)
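An added triage script (not from the thread or either poster) that parses tcpdump-style summary lines, such as a text export of the Ethereal capture described above, and reports whether the laptop's outbound traffic shows the climbing-source-port pattern, whether the port counter ever restarts, and which destination ports it goes to. The addresses, ports and log lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of tcpdump-style summary lines, shaped like the traffic the
# poster describes (laptop -> router and back, source port climbing by one per
# request). Addresses and ports are made up for this example.
SAMPLE_CAPTURE = """\
10:00:01.120 IP 192.168.0.10.1025 > 192.168.0.1.53: UDP, length 40
10:00:01.130 IP 192.168.0.1.53 > 192.168.0.10.1025: UDP, length 120
10:00:02.300 IP 192.168.0.10.1026 > 192.168.0.1.53: UDP, length 40
10:00:02.310 IP 192.168.0.1.53 > 192.168.0.10.1026: UDP, length 120
10:00:03.500 IP 192.168.0.10.1027 > 192.168.0.1.80: Flags [S], seq 1
10:00:03.510 IP 192.168.0.1.80 > 192.168.0.10.1027: Flags [S.], seq 2
10:00:04.700 IP 192.168.0.10.1028 > 192.168.0.1.53: UDP, length 40
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: ..." as printed by tcpdump -n
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_lines(text):
    """Yield (timestamp, src_ip, src_port, dst_ip, dst_port) per summary line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])


def triage(text, host):
    """Summarise packets sent by `host`: source-port progression and destinations."""
    sports = []
    dests = Counter()
    for _ts, src, sport, dst, dport in parse_lines(text):
        if src == host:
            sports.append(sport)
            dests[(dst, dport)] += 1
    steps = list(zip(sports, sports[1:]))
    return {
        "outbound_packets": len(sports),
        "distinct_source_ports": len(set(sports)),
        "source_port_range": (min(sports), max(sports)) if sports else None,
        # True when every outbound packet uses a higher source port than the last
        "source_port_climbing": bool(steps) and all(b > a for a, b in steps),
        # how often the port counter went back down (the "restart" the poster asks about)
        "source_port_resets": sum(1 for a, b in steps if b < a),
        "top_destinations": dests.most_common(3),
    }
```

The destination ports returned are what tell you which service the chatter is aimed at, and the source ports are the values to match against `netstat -ano` or Process Explorer's TCP/IP view on the laptop to find the owning process.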