
Can anyone id these virii?

Couldn't find a good security forum, thought I'd post here. I have one virus on my buddy's box, termserv.exe, constantly sending out packets to random IPs on the network on port 113 (ident), and I have another on my mom's laptop, ntfs16.exe, hitting port 443 in the same way. Between both, they have my freesco box's masq table filled up good :| and I had to set the masq timeouts EXTREMELY low. If either of these sounds familiar to anyone, please post any info you can. I can't find ANY info on ntfs16.exe and a search for termserv.exe just gives me windows terminal service or a virus (which I couldn't find any traces of otherwise (aradmin, or something like that)). Any info would be greatly appreciated.

thanks
 
I came to the conclusion it was termserv.exe by killing the process and watching the link status (my buddy's box (the one running termserv.exe) was sending out 100-200 packets a second, without anything else running). As soon as I killed that app, the packets stopped jumping up like that. Here's a VERY SMALL clip of my masq table from last night:

tcp 00:47.79 192.168.1.11 192.168.14.125 3633 (62776) -> 113
tcp 00:38.72 192.168.1.11 192.168.105.207 3372 (62520) -> 113
tcp 00:29.92 192.168.1.11 192.168.171.184 3117 (62264) -> 113
tcp 00:20.07 192.168.1.11 192.168.19.201 4719 (62008) -> 113
tcp 00:11.22 192.168.1.11 192.168.122.49 4459 (61752) -> 113
tcp 00:01.37 192.168.1.11 192.168.87.84 4199 (61496) -> 113
tcp 00:57.42 192.168.1.11 192.168.243.8 3890 (63031) -> 113

and the whole table was like this. Anyone familiar with this one?

Thanks for the link, btw 🙂
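
One way to pick this pattern out of a full masq table without reading it by eye, as an added example that is not part of the original post: the script groups entries by internal source and destination port and reports any host connecting to many distinct addresses on one port. The field order, the function names and the threshold are assumptions, and the sample rows are constructed in the layout of the excerpt above.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the table excerpt in the post;
# the 192.168.1.12 rows are invented to show an ordinary client for contrast.
SAMPLE = """\
tcp 00:47.79 192.168.1.11 192.168.14.125 3633 (62776) -> 113
tcp 00:38.72 192.168.1.11 192.168.105.207 3372 (62520) -> 113
tcp 00:29.92 192.168.1.11 192.168.171.184 3117 (62264) -> 113
tcp 00:20.07 192.168.1.11 192.168.19.201 4719 (62008) -> 113
tcp 00:11.22 192.168.1.11 192.168.122.49 4459 (61752) -> 113
tcp 14:02.10 192.168.1.12 192.168.50.10 1040 (61010) -> 80
tcp 13:40.55 192.168.1.12 192.168.50.10 1041 (61011) -> 80
this line is not a table entry
"""

# Assumed field order: proto, timer, internal src, dst, sport (masq port) -> dport
ENTRY = re.compile(
    r"^(?P<proto>tcp|udp)\s+\S+\s+(?P<src>\d+(?:\.\d+){3})\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+\d+\s+\(\d+\)\s+->\s+(?P<dport>\d+)\s*$"
)

def parse_entries(text):
    """Yield (proto, src, dst, dport) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["proto"], m["src"], m["dst"], int(m["dport"])

def find_fanout(text, min_targets=5):
    """Return {(src, proto, dport): distinct dst count} for sources at or above the threshold."""
    targets = defaultdict(set)
    for proto, src, dst, dport in parse_entries(text):
        targets[(src, proto, dport)].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

if __name__ == "__main__":
    for (src, proto, dport), n in sorted(find_fanout(SAMPLE).items()):
        print(f"{src} -> {n} distinct hosts on {proto}/{dport}")
```

On a real table the threshold would need tuning, since a busy but clean client can also reach many hosts on ports such as 80 or 443.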
 
I used the network connection status in xp. All it says is the # of packets tho. To find the program sending packets I just killed the sketchy looking processes one by one, watching the status window. When it stopped jumping up, I found my program.
 