Posted by Dan on September 28, 2006, 11:20 pm
MowGreen wrote:
> Dan,
>
> Still haven't heard from Gary yet. If the malware is not a RootKit then
> we'll get that link posted here. If it is an RK, then we'll have to take
> this to a private thread to block RK writers from observing which tool
> and version is used to remove it. That's what it's come down to lately.
> But if Gary ever contacts us, we'll have him provide you with any info
> you need.
> Hope you understand ;)
>
> MowGreen [MVP 2003-2006]
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
> Dan wrote:
>> MowGreen wrote:
>>>>> the ISA logs show this machine making repeated calls on DNS
>>>>> protocol, port 53, to two different IPs that belong to a web
>>>>> hosting company in the Ukraine. I can't help but think that this is
>>>>> malware in action, but can't determine what is doing it.
>>>
>>> Gary,
>>>
>>> As long as you can keep the malware blocked, post the log to the
>>> HijackThis Forum at AumHa:
>>> http://aumha.net/viewforum.php?f=30
>>>
>>> We'll call in the "Experts" if need be and at least identify the
>>> malware, the risk from it, and who's hosting it.
>>>
>>> I'll BCC this. Email me when you post the HJT log and please, provide
>>> us with the IPs, too.
>>>
>>>
>>> MowGreen [MVP 2003-2006]
>>> ===============
>>> *-343-* FDNY
>>> Never Forgotten
>>> ===============
>>>
>>>
>>> Gary S. Terhune wrote:
>>>> I have an XP Pro box on an SBS network (one SBS Premium server w/ ISA
>>>> 2004, two XP Pro clients.) The box was heavily infected by numerous
>>>> viruses and other malware on 9/11. Issues with antivirus installation
>>>> resulted in its not updating for some time, but I'm not certain just
>>>> how it all got started. Far as I can tell, none of it got to any of the
>>>> other machines on the network.
>>>>
>>>> I cleaned up using various AV and anti-spyware tools (AdAware, Spybot,
>>>> Trend-Micro AV) and it seems to be healthy now, but the ISA logs show
>>>> this machine making repeated calls on DNS protocol, port 53, to two
>>>> different IPs that belong to a web hosting company in the Ukraine. I
>>>> can't help but think that this is malware in action, but can't
>>>> determine what is doing it. The ISA firewall is blocking the requests,
>>>> but I'd like to know what's going on. Any ideas on how to trace this? I
>>>> can't find anything in running processes that isn't supposed to be
>>>> there. Note that these calls are being made even when nobody is logged
>>>> on to the machine. They're averaging one per second.
>>>>
>>
>> Well, I hope Gary will provide the link to the HiJack This website in
>> this newsgroup so that other users like me can see what potential
>> malware is in the HiJack This log. Gary, if you do not want to post
>> here then you know my email and please email me where you posted the
>> Hijack This log and thanks in advance because I appreciate all you do
>> for these newsgroups.
Sure, I fully understand and thank you for your consideration. I find
the security aspect of computers fascinating. <grin>
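The pattern Gary describes further up the thread (denied port-53 requests to two fixed outside IPs, about one per second, whether or not anyone is logged on) is the kind of thing a firewall log can reveal on its own, before any process hunting on the box. The script below is an added example, not code from anyone in this thread; the log line format and every address in it are constructed stand-ins, not real ISA Server 2004 output.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log (NOT real ISA 2004 output): date time client server port result.
# 192.168.16.2 stands in for the SBS box (the legitimate resolver); the two
# 198.51.100.x addresses stand in for the outside hosts the firewall was denying.
SAMPLE_LOG = """\
2006-09-28 22:00:00 192.168.16.10 192.168.16.2 53 ALLOWED
2006-09-28 22:00:00 192.168.16.10 198.51.100.7 53 DENIED
2006-09-28 22:00:01 192.168.16.10 198.51.100.8 53 DENIED
2006-09-28 22:00:02 192.168.16.10 198.51.100.7 53 DENIED
2006-09-28 22:00:03 192.168.16.10 198.51.100.8 53 DENIED
2006-09-28 22:00:03 192.168.16.10 192.168.16.2 53 ALLOWED
2006-09-28 22:00:04 192.168.16.10 198.51.100.7 53 DENIED
2006-09-28 22:00:05 192.168.16.10 198.51.100.8 53 DENIED
2006-09-28 22:00:06 192.168.16.10 198.51.100.7 53 DENIED
2006-09-28 22:00:07 192.168.16.10 198.51.100.8 53 DENIED
2006-09-28 22:00:09 192.168.16.10 203.0.113.5 80 ALLOWED
2006-09-28 22:00:41 192.168.16.10 192.168.16.2 53 ALLOWED
"""

def parse(log_text):
    """Yield (time, client, server, port, result); skip lines that do not fit the format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        day, clock, client, server, port, result = parts
        yield datetime.fromisoformat(f"{day} {clock}"), client, server, int(port), result

def find_dns_beacons(log_text, min_hits=4, max_jitter=0.5):
    """Return {(client, server): (hits, median_gap_seconds)} for port-53 peers hit at a
    steady cadence. Regularity, not volume, is the signal: user-driven lookups are bursty."""
    stamps = defaultdict(list)
    for when, client, server, port, _result in parse(log_text):
        if port == 53:
            stamps[(client, server)].append(when)
    beacons = {}
    for key, times in stamps.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        # Worst deviation from the median gap, relative to it; 0.0 is perfectly periodic.
        jitter = max(abs(g - med) for g in gaps) / med if med > 0 else float("inf")
        if jitter <= max_jitter:
            beacons[key] = (len(times), med)
    return beacons
```

On the sample, `find_dns_beacons(SAMPLE_LOG)` reports both 198.51.100.x peers (four hits each, exactly two seconds apart, so one request per second between them) and ignores the local resolver, whose lookups are irregular.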