L
Lola
I hope this is the right board for this - I think this is
a security question.....
During the recent high activity with viruses, worms,
torjans, and the issuse of unauthorized access to machines
through enternet usage, I apparently got a virus that
seemed to access the internet on it's own. I saved my
data, reformatted the hard drive and reinstalled - I also
got new virus protection and firewall. I have been
observing my firewall logs, but unfortunately, I am not
sure what it all means. I have an extremely high activity
(littereally over a thousand per day) with the application
name ntoskrnl.exe. I know this is a basic part of
windows, but can't figure out what it does. Why is it
constantly going out on my connection? Is it just part of
my network? (two computers, peer-to-peer, one is off right
now) Is it trying to find my other computer? or is it some
intrusion?
It is in the protocal is UDP, both the remote and local
ports are 137, and sometimes both ip addresses are this
computers, sometimes it show the same submask number my
network uses.
Again, I hope this is the correct board, and I am sorry
it's such a long question, but I would really appreciate
any help.
Thanks
a security question.....
During the recent high activity with viruses, worms,
torjans, and the issuse of unauthorized access to machines
through enternet usage, I apparently got a virus that
seemed to access the internet on it's own. I saved my
data, reformatted the hard drive and reinstalled - I also
got new virus protection and firewall. I have been
observing my firewall logs, but unfortunately, I am not
sure what it all means. I have an extremely high activity
(littereally over a thousand per day) with the application
name ntoskrnl.exe. I know this is a basic part of
windows, but can't figure out what it does. Why is it
constantly going out on my connection? Is it just part of
my network? (two computers, peer-to-peer, one is off right
now) Is it trying to find my other computer? or is it some
intrusion?
It is in the protocal is UDP, both the remote and local
ports are 137, and sometimes both ip addresses are this
computers, sometimes it show the same submask number my
network uses.
Again, I hope this is the correct board, and I am sorry
it's such a long question, but I would really appreciate
any help.
Thanks