PC trying to connect to a huge list of IP addresses.  Aye Chihuahua!

Posted by PinYinYang on May 2, 2004, 9:59 am
This occurred on Win XP Professional.

Network Connections pops up a prompt literally about every 5 seconds
saying "You [or a program] have requested information from
---.---.---.---. Which connection to you want to use?"

Each time the prompt appears, it is attempting to connect to a
different IP address (I haven't seen the same one twice). Of course,
I clicked cancel to each prompt. I started recording a list of the IP
addresses shown, but I got bored after a few more than 100.

I'll make the wild assumption that this computer has been compromised.
I've found something called TEEKIDS.EXE running on the system and it
looks (from a Google search) like this is some sort of worm.

Now, this is happening on my parents' computer, and they don't use it
for much more than Solitaire and downloading photos of my niece from a
digi-cam, so I'm not too worried. But I would like to make this a
learning experience so that I can know what to do in the future.
Nonetheless, please pray for me that nobody does anything malicious
with photos of my niece or my parents' Solitaire scores!

From this I have two questions:

(1) Can anyone tell me what is happening on this computer? Is this
list of IP addresses pointing to other infected machines? Or is it
trying randomly to find other machines to infect?

(2) Is there anything -helpful- that I can do with the list of IP
addresses that I've written down? If they are infected machines, for
example, is there any way to alert those machine owners?

I think I'm going to just wipe their machine clean and re-install the
OS from scratch, so you don't (necessarily) have to try to help me
with that kind of advice. Maybe I can even convince them that
Solitaire can be played on Linux too. ;)

Thanks!


Posted by Ant on May 2, 2004, 6:51 pm
"PinYinYang" wrote...
> This occurred on Win XP Professional.

[snip]
> I'll make the wild assumption that this computer has been compromised.
> I've found something called TEEKIDS.EXE running on the system and it
> looks (from a Google search) like this is some sort of worm. [snip]

It's the Blaster worm. You need to download the MS03-039 patch from
microsoft.com and apply it. Remove the worm first (instructions
available from most anti-virus vendor sites).

This worm can exploit any unpatched NT based system just by connecting
the machine to the internet.




Posted by on May 2, 2004, 7:07 pm
On 2 May 2004 09:59:20 -0700, pinyinyang@yahoo.com (PinYinYang) wrote:

>This occurred on Win XP Professional.
>
>Network Connections pops up a prompt literally about every 5 seconds
>saying "You [or a program] have requested information from
>---.---.---.---. Which connection to you want to use?"
>
>Each time the prompt appears, it is attempting to connect to a
>different IP address (I haven't seen the same one twice). Of course,
>I clicked cancel to each prompt. I started recording a list of the IP
>addresses shown, but I got bored after a few more than 100.
>
>I'll make the wild assumption that this computer has been compromised.
>I've found something called TEEKIDS.EXE running on the system and it
>looks (from a Google search) like this is some sort of worm.
>
>Now, this is happening on my parents' computer, and they don't use it
>for much more than Solitaire and downloading photos of my niece from a
>digi-cam, so I'm not too worried. But I would like to make this a
>learning experience so that I can know what to do in the future.
>Nonetheless, please pray for me that nobody does anything malicious
>with photos of my niece or my parents' Solitaire scores!
>
>From this I have two questions:
>
>(1) Can anyone tell me what is happening on this computer? Is this
>list of IP addresses pointing to other infected machines? Or is it
>trying randomly to find other machines to infect?

Yes, it's trying to infect other computers.

>(2) Is there anything -helpful- that I can do with the list of IP
>addresses that I've written down? If they are infected machines, for
>example, is there any way to alert those machine owners?

Not really.

>I think I'm going to just wipe their machine clean and re-install the
>OS from scratch, so you don't (necessarily) have to try to help me
>with that kind of advice. Maybe I can even convince them that
>Solitaire can be played on Linux too. ;)

Definitely nuke the machine. Depending on the OS you finally decide
on, make sure it's got antivirus configured to automatically update,
all the OS patches are installed, and that the firewall is set up.

-Chris
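
The symptom described in this thread (an outbound attempt to a new address every few seconds, never the same one twice) shows up in connection logs as a high count of distinct destinations from one host. The following is an added example, not part of any post in the thread: a Python check that flags that fan-out pattern. The log format, addresses, port and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed log lines: ISO-timestamp src-ip dst-ip dst-port."""
    t0 = datetime(2004, 5, 2, 9, 0, 0)
    lines = []
    for i in range(15):
        ts = (t0 + timedelta(seconds=5 * i)).isoformat()
        # Scanning host: a new destination every 5 seconds, none repeated.
        lines.append(f"{ts} 192.168.1.10 198.51.100.{i + 1} 135")
        # Normal host: keeps talking to the same two servers.
        lines.append(f"{ts} 192.168.1.20 203.0.113.{5 + i % 2} 80")
    return lines


def fanout_alerts(lines, window=timedelta(seconds=60), min_distinct=10):
    """Map (src, dst_port) -> peak count of distinct destinations inside one
    window, for sources that reach min_distinct. Lines must be time-ordered."""
    recent = defaultdict(deque)  # (src, port) -> (time, dst) pairs in window
    peak = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line
        try:
            ts = datetime.fromisoformat(parts[0])
            key = (parts[1], int(parts[3]))
        except ValueError:
            continue  # unparsable timestamp or port
        q = recent[key]
        q.append((ts, parts[2]))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({dst for _, dst in q})
        if distinct >= min_distinct:
            peak[key] = max(peak.get(key, 0), distinct)
    return peak


if __name__ == "__main__":
    for (src, port), n in fanout_alerts(build_sample()).items():
        print(f"{src} reached {n} distinct hosts on port {port} within 60 s")
```

A host that keeps returning to the same few servers never reaches the threshold, so only the scanning source is reported.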


