Broadcasting Block.

[Nimit Mehta]

A machine is having a weird virus "wugrds.exe" which
constantly sends and generates network traffic. I have
looked for tools around but havnt found any. I dont mind
having a 60 kb of file in my C: drive. The virus is on
172.16.0.135. It sends packets constantly to 172.16.0.*
series of machine on my same network. Can i use some ipsec
policy or something to stop it from even seeing 172.16.0.*
series of machines? Umm or something more creative?

 

[Dave]

you might actually want to get rid of it... it is most likely a worm like
sdbot or spybot trying to infect those other machines. it may also be doing
other nasty things the best policy is to unplug that machine until it is
cleaned!

 

[Guest]

I cleaned, i deleted the file, it re-enters from other
machines, i cant find a way out of this problem. I renamed
the extention, deleted registry , ummm made a new dummy
file with same name in same folder after deleting the
infected file. Scanned with norton, Macafee, Avast.

 

[Dave]

then you have to find all the other machines that are infected and clean
them also, and get all patches up to date... sounds like you could be in for
a long weekend. and if you don't have a good firewall between you and the
internet you should get one or it will just come back.