HELP: My computer is spewing packets into the world... participating in maybe a trojan-initiated DDoS?

AccruedExpenditure

Diamond Member
May 12, 2001
6,960
7
81
My ethernet send light is on solid. 90 million packets sent in 12 hours. I believe that my computer has been infected by a trojan. I've run an updated Norton AV but it can't catch it. I've also downloaded the Stinger tool and it can't detect anything.

Any suggestions...

I've installed a packet sniffer to see what kind of outbound traffic my computer is sending, it looks like UDP packets directed towards 200.230.118.2
=/
 

ViRGE

Elite Member, Moderator Emeritus
Oct 9, 1999
31,516
167
106
The best thing to do would be to shut off every last application that isn't necessary, and then fire up the packet sniffer of choice, and see what's being sent, and where.
 

AccruedExpenditure

Originally posted by: ViRGE
The best thing to do would be to shut off every last application that isn't necessary, and then fire up the packet sniffer of choice, and see what's being sent, and where.

That's the thing, I think the trojan disabled my task manager... anytime I control alt delete to get to my win2k task manager, the console box disappears and I return to my previous window :confused:
 

illusion88

Lifer
Oct 2, 2001
13,164
3
81
Originally posted by: Gnote
Originally posted by: ViRGE
The best thing to do would be to shut off every last application that isn't necessary, and then fire up the packet sniffer of choice, and see what's being sent, and where.

That's the thing, I think the trojan disabled my task manager... anytime I control alt delete to get to my win2k task manager, the console box disappears and I return to my previous window :confused:

You could try booting into safe mode. That might help, might not.
 

AccruedExpenditure

Originally posted by: illusion88
Originally posted by: Gnote
Originally posted by: ViRGE
The best thing to do would be to shut off every last application that isn't necessary, and then fire up the packet sniffer of choice, and see what's being sent, and where.

That's the thing, I think the trojan disabled my task manager... anytime I control alt delete to get to my win2k task manager, the console box disappears and I return to my previous window :confused:

You could try booting into safe mode. That might help, might not.

Tried it, to no avail; no internet in safe mode either.
 

tranceport

Diamond Member
Aug 8, 2000
4,168
1
81
www.thesystemsengineer.com
I would format your box. You most likely have SubSeven installed on your machine. We recently were the target of about 400 machines hitting our mailserver with a SYN attack. Most of the machines I reverse scanned had SubSeven on them. Most of the machines were also in .nl, .sk, .ca and a few Cox and BellSouth boxes. Also check out what Savij posted.
 

AccruedExpenditure

Thanks sajiv and tranceport. I tried your link sajiv and it couldn't find the Slammer virus on my HD. I'm pretty sure what I have is some variant of the Sub7 trojan on my computer. Short of reformatting, does anyone have any ways for me to remedy my issue?
 

WannaFly

Platinum Member
Jan 14, 2003
2,811
1
0
Originally posted by: Gnote
Thanks sajiv and tranceport. I tried your link sajiv and it couldn't find the Slammer virus on my HD. I'm pretty sure what I have is some variant of the Sub7 trojan on my computer. Short of reformatting, does anyone have any ways for me to remedy my issue?

Eww, Sub7 - I had to deal with that one a few times - it never does REALLY go away - if you can spare, reformat. It's a bitch, you think you have it gone, then 2 days later it comes back, and it just repeats over and over.
 

beatmix01

Golden Member
Jun 22, 2001
1,008
1
0
Yeah, I got a msg on my machine today: backdoor.trojan in my Serv-U daemon exe... bizarre... nothing was running... uninstalled the app, deleted the Norton quarantined item, hope I'm good.
 

Anubis

No Lifer
Aug 31, 2001
78,712
427
126
tbqhwy.com
Originally posted by: beatmix01
Yeah, I got a msg on my machine today: backdoor.trojan in my Serv-U daemon exe... bizarre... nothing was running... uninstalled the app, deleted the Norton quarantined item, hope I'm good.

Funny, I got the same thing today when I did a Norton scan. Same virus. Norton quarantined it and I killed it. No idea what it was or how I got it. I'm behind a huge hardware FW and I run Norton and a SW firewall.