Can somebody tell me what the heck is this?

[sillymofo]

Pix

OK, so a while back I got pwned with sasser virus (infected lsass), I patched, AVG found it and quarantined it. But, then there are these damn IRC/Backdoor.SDBot.[1-9].[a-z] viri were found. Before the connections (see pix) were established, status were syn_sent. WTF? Delpart? Format? Shoot comp? For some reasons, I can't trace these damn routes, can some one do that for me? :cookie;

 

[Harvey]

Search results for: 192.155.9.17

OrgName: CMP Publications Inc.
OrgID: CMPPUB
Address: 600 Community Drive,
City: Manhasset
StateProv: NY
PostalCode: 11030
Country: US

NetRange: 192.155.9.0 - 192.155.9.255
CIDR: 192.155.9.0/24
NetName: CMP-COM1
NetHandle: NET-192-155-9-0-1
Parent: NET-192-0-0-0-0
NetType: Direct Assignment
Comment:
RegDate: 1992-04-09
Updated: 1992-04-09

TechHandle: SF91-ARIN
TechName: Fulton, Sean
TechPhone: +1-516-562-5430
TechEmail: sean@ost.com

CMP Publications Inc. Not a tracert or ping (which timed out), but it's the best I could find.

 

[sillymofo]

Thanks Harvey, but that's my IP (private), I ran a netstat -an, so the 200.x.x.x would be the other guys. Thanks regardless.

 

[Talon]

First one.

inetnum: 200.42.191.144/29
status: reallocated
owner: PRODUCTOS Y SERVICIOS BIOQUIMICOS
ownerid: CL-PYSB-LACNIC
responsible: Daniel Cross
address: CAMILO HENRIQUEZ 476 OFICINA - QUILPUE, 476,
address: 476 - quilpue -
country: CL
phone: +56 09 2198497 []
owner-c: OSB
tech-c: OSB
created: 20030205
changed: 20030205
inetnum-up: 200.42.176/20

nic-hdl: OSB
person: Oscar Belmar
e-mail: obelmar@ISP.TIE.CL
address: Bandera, 168, Piso 5
address: 00 - Santiago -
country: CL
phone: +56 02 6946143 []
created: 20020906
changed: 20020906

 

[sillymofo]

Thanks. AT affect?