
new worm?

CyberCowboy

Senior member
I noticed that my modem lights were glowing non-stop last night and that my machine had activity while I was not downloading/uploading anything at all.

So I did a virus scan with AVG antivirus and Trendmicro's Housecall online virus scanner.
Both came up with nothing.

So I started up Ethereal and stuff was being sent to this address: 213.248.55.66.
The data being sent was this:
:ezmesi!~vhnnta@210006167196.ctinets.com JOIN :#wNTbotz
:l_wlgfrxdm!~ravahp@c-24-13-211-85.client.comcast.net JOIN :#wNTbotz


I have no idea what it is..but anyways.... I went into msconfig and saw that the program RPCX1sq234.exe was set to startup. (YET I CAN'T SEE IT IN TASK MANAGER!!...blah!).

Looked in the registry in "software/microsoft/windows/currentversion/run" and it was labeled "windows update".
So I disabled it.

Anyways.. back to the main point... is this a new worm? And why can't I find this program when I do a search for RPCX1sq234.exe? (oh.. removing the reg entry stops the suspicious activity).
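
The two payload lines quoted in the post have the shape of IRC messages (`:nick!user@host JOIN :#channel`). As an added example, not part of the original post, the Python below parses captured lines of that shape and lists which hosts were seen joining which channel; the function names are hypothetical and the sample input is the two lines from the post.

```python
import re
from collections import defaultdict

# Payload lines quoted in the post (sample input, copied from the capture text).
CAPTURED = """\
:ezmesi!~vhnnta@210006167196.ctinets.com JOIN :#wNTbotz
:l_wlgfrxdm!~ravahp@c-24-13-211-85.client.comcast.net JOIN :#wNTbotz
"""

# RFC 1459 message shape: [":" prefix SPACE] command [params] [" :" trailing]
IRC_LINE = re.compile(r"^(?::(?P<prefix>\S+) +)?(?P<command>[A-Za-z]+|\d{3})(?P<rest>(?: .*)?)$")
PREFIX = re.compile(r"^(?P<nick>[^!@\s]+)(?:!(?P<user>[^@\s]+))?(?:@(?P<host>\S+))?$")

def parse_irc_line(line):
    """Parse one line into command/params/nick/user/host, or None if it does not fit the grammar."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    head, sep, trailing = m.group("rest").partition(" :")
    params = head.split()
    if sep:
        params.append(trailing)  # the trailing parameter may contain spaces
    msg = {"command": m.group("command").upper(), "params": params,
           "nick": None, "user": None, "host": None}
    # A prefix is either a server name or nick!user@host of the originating client.
    p = PREFIX.match(m.group("prefix") or "")
    if p:
        msg.update(p.groupdict())
    return msg

def joins_by_channel(payload):
    """Map each channel to the sorted hosts whose JOIN appears in the payload."""
    seen = defaultdict(set)
    for line in payload.splitlines():
        msg = parse_irc_line(line)
        if msg and msg["command"] == "JOIN" and msg["params"]:
            for chan in msg["params"][0].split(","):
                if chan.startswith(("#", "&")):
                    seen[chan].add(msg["host"] or msg["nick"] or "(local client)")
    return {chan: sorted(hosts) for chan, hosts in seen.items()}

if __name__ == "__main__":
    for chan, hosts in joins_by_channel(CAPTURED).items():
        print(f"{chan}: {len(hosts)} host(s) joined -> {', '.join(hosts)}")
```

Unexpected IRC-shaped traffic from a workstation, particularly JOIN lines for a channel the user never opened, is a useful thing to alert on in egress captures.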
 