Port 445 Worm

  • Thread starter Thread starter zulfer
  • Start date Start date
Z

zulfer

Hi

Appreciate if someone could help me.

My machine is infected with a worm. When go onto the internet it
randomly connects to a lot of computers on port 445. I've noticed
that when it connects in a similar IP range as mine. For E.g.
203.143.XX.XX

Anyway I've diagnosed this as Sasser worm. Did all the clean ups...
but its still there.

Could u please help me to diagnose this virus and help me remove it.

regards

Zulfer

P.S. I did a NETSTAT and it looks like this

TCP CPQ16143302612:3832 203.143.33.169:microsoft-ds SYN_SENT
TCP CPQ16143302612:3833 203.151.135.203:microsoft-ds SYN_SENT
TCP CPQ16143302612:3834 203.151.135.204:microsoft-ds SYN_SENT
TCP CPQ16143302612:3835 203.143.196.196:microsoft-ds SYN_SENT
TCP CPQ16143302612:3836 203.143.180.28:microsoft-ds SYN_SENT
TCP CPQ16143302612:3837 203.143.43.240:microsoft-ds SYN_SENT
TCP CPQ16143302612:3838 203.151.135.197:microsoft-ds SYN_SENT
TCP CPQ16143302612:3839 203.143.234.68:microsoft-ds SYN_SENT
TCP CPQ16143302612:3840 203.143.85.134:microsoft-ds SYN_SENT
TCP CPQ16143302612:3841 203.151.135.198:microsoft-ds SYN_SENT
TCP CPQ16143302612:3842 203.151.135.199:microsoft-ds SYN_SENT
TCP CPQ16143302612:3843 203.151.135.207:microsoft-ds SYN_SENT
TCP CPQ16143302612:3844 203.143.19.109:microsoft-ds SYN_SENT
TCP CPQ16143302612:3845 203.143.236.30:microsoft-ds SYN_SENT
TCP CPQ16143302612:3846 203.143.250.163:microsoft-ds SYN_SENT
TCP CPQ16143302612:3847 203.151.135.205:microsoft-ds SYN_SENT
TCP CPQ16143302612:3848 203.143.209.205:microsoft-ds SYN_SENT
TCP CPQ16143302612:3849 203.143.127.169:microsoft-ds SYN_SENT
TCP CPQ16143302612:3850 203.151.135.206:microsoft-ds SYN_SENT
TCP CPQ16143302612:3851 203.151.135.208:microsoft-ds SYN_SENT
TCP CPQ16143302612:3852 203.151.135.209:microsoft-ds SYN_SENT

* Posted via http://www.sixfiles.com/forum
 
get a firewall such as zone alarm and don't allow access. I would also
recommend that you install some kind of anti-virus if you haven't
already such as AVG Free Edition www.grisoft.com and also install
spybot and clean up any spyware.
 
Back
Top