SMTP Service when turned on is spamming other SMTP servers.

Posted by Akshay Srinivas on June 25, 2007, 1:09 pm
Hi,

Suddenly this evening my net connection stopped working. I had not done
anything unusual. When I looked at the TCP Connections to the computer I saw
that my computer using inetinfo.exe and a System Process 0 was connecting to
random SMTP servers all over the world. I initially mistook this as a DoS
attack upon my SMTP server. So I stopped the SMTP service and these millions
of connections stopped and my net connection started working again. I tried
to uninstall and reinstall SMTP and POP3 and this didn't help. The moment the
SMTP service was turned on the spamming started again. Anyone know of a
worm/virus that might use inetinfo.exe to do something like this in
conjunction with the SMTP service? I am keeping my SMTP service switched off
but this is not a long term solution as I need email to be up and running.

All the best,

Akshay Srinivasan
--
Life is about joy!

Posted by Frank Saunders, MS-MVP OE/WM on June 25, 2007, 7:43 pm
> Hi,
>
> Suddenly this evening my net connection stopped working. I had not done
> anything unusual. When I looked at the TCP Connections to the computer I saw
> that my computer using inetinfo.exe and a System Process 0 was connecting to
> random SMTP servers all over the world. I initially mistook this as a DoS
> attack upon my SMTP server. So I stopped the SMTP service and these millions
> of connections stopped and my net connection started working again. I tried
> to uninstall and reinstall SMTP and POP3 and this didn't help. The moment the
> SMTP service was turned on the spamming started again. Anyone know of a
> worm/virus that might use inetinfo.exe to do something like this in
> conjunction with the SMTP service? I am keeping my SMTP service switched off
> but this is not a long term solution as I need email to be up and running.
>
> All the best,
>
> Akshay Srinivasan
> --
> Life is about joy!

Do a thorough check for malware, following all of the steps at one of these
Web pages.
Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing Messenger Plus, whose ads for
malware don't identify the malware as such and try to convince you that you
owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.

--
Frank Saunders, MS-MVP OE/WM
Do not send mail.


Posted by Akshay Srinivas on June 26, 2007, 1:33 am
Hi,

I installed Ad-Aware 2007 and Windows Defender and ran full system scans and
got nothing. When I turn on my SMTP service there is a flood of TCP/IP
connections bringing my net connection to its knees. Here are a few of the
connections being made:

inetinfo.exe:4184 TCP timewarp.no-ip.org:4788 ms33a.hinet.net:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4803 staff.apol.com.tw:25 (smtp) Closing
inetinfo.exe:4184 TCP timewarp.no-ip.org:4871 ms2a.hinet.net:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4874 mx3.url.com.tw:25 (smtp) Established
[System Process]:0 TCP timewarp.no-ip.org:4878 mta-v7.mail.vip.mud.yahoo.com:25 (smtp) Time_Wait
inetinfo.exe:4184 TCP timewarp.no-ip.org:4882 ms29a.hinet.net:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4883 ms42a.hinet.net:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4886 mta-v11.mail.vip.re2.yahoo.com:25 (smtp) Closing
inetinfo.exe:4184 TCP timewarp.no-ip.org:4816 ms65a.hinet.net:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4832 ms59a.hinet.net:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4855 mx1.url.com.tw:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4868 mx1.url.com.tw:25 (smtp) Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4872 news.kkcity.com.tw:25 (smtp) Established
[System Process]:0 TCP timewarp.no-ip.org:4887 mta-v13.mail.vip.re4.yahoo.com:25 (smtp) Time_Wait
[System Process]:0 TCP timewarp.no-ip.org:4890 mta-v13.mail.vip.re4.yahoo.com:25 (smtp) Time_Wait

Hope this helps.

All the best,

Akshay Srinivasan
--
Life is about joy!
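
A triage sketch for a connection listing like the one in the post above, added here as an example and not part of the original thread: it parses the pasted TCPView-style rows, including ones broken across lines, and counts per owning process how many distinct remote hosts it holds port-25 sessions with. The function names and the `min_hosts` threshold are assumptions, and the last sample row is constructed for contrast.

```python
import re
from collections import defaultdict

# Rows copied from the listing in the post, newsreader line wrapping left in;
# the last row is constructed here as a non-SMTP contrast case.
SAMPLE = """\
inetinfo.exe:4184 TCP timewarp.no-ip.org:4788 ms33a.hinet.net:25 (smtp)
Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4803 staff.apol.com.tw:25 (smtp)
Closing
inetinfo.exe:4184 TCP timewarp.no-ip.org:4874 mx3.url.com.tw:25 (smtp)
Established
inetinfo.exe:4184 TCP timewarp.no-ip.org:4872 news.kkcity.com.tw:25
(smtp) Established
[System Process]:0 TCP timewarp.no-ip.org:4878
mta-v7.mail.vip.mud.yahoo.com:25 (smtp) Time_Wait
example.exe:1000 TCP timewarp.no-ip.org:4900 host.example.net:443 (https) Established
"""

# process:pid, protocol, local and remote host:port, optional "(service)", state.
ROW = re.compile(
    r"(?P<proc>\[[^\]]+\]|\S+?):(?P<pid>\d+)\s+TCP\s+"
    r"(?P<lhost>\S+):(?P<lport>\d+)\s+"
    r"(?P<rhost>\S+):(?P<rport>\d+)\s+(?:\(\S+\)\s+)?(?P<state>[A-Za-z_]+)"
)

def parse_connections(text):
    """Return one dict per connection record; whitespace matching spans wrapped lines."""
    return [m.groupdict() for m in ROW.finditer(text)]

def outbound_smtp_by_owner(rows, smtp_port="25"):
    """Group connections to remote port 25 by owning process.
    Windows reports TIME_WAIT sockets under PID 0, so those rows get their own
    bucket instead of being read as a second sending process.
    """
    summary = defaultdict(lambda: {"connections": 0, "hosts": set()})
    for r in rows:
        if r["rport"] != smtp_port:
            continue
        owner = "closed (PID 0)" if r["pid"] == "0" else f'{r["proc"]}:{r["pid"]}'
        summary[owner]["connections"] += 1
        summary[owner]["hosts"].add(r["rhost"].lower())
    return dict(summary)

def flag_mass_senders(summary, min_hosts=4):
    """Owners with SMTP sessions to >= min_hosts distinct hosts (assumed threshold)."""
    return sorted(o for o, s in summary.items()
                  if o != "closed (PID 0)" and len(s["hosts"]) >= min_hosts)

if __name__ == "__main__":
    print(flag_mass_senders(outbound_smtp_by_owner(parse_connections(SAMPLE))))
```
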


