Z
zulfer
Hi
Appreciate if someone could help me.
My machine is infected with a worm. When go onto the internet it
randomly connects to a lot of computers on port 445. I've noticed
that when it connects in a similar IP range as mine. For E.g.
203.143.XX.XX
Anyway I've diagnosed this as Sasser worm. Did all the clean ups...
but its still there.
Could u please help me to diagnose this virus and help me remove it.
regards
Zulfer
P.S. I did a NETSTAT and it looks like this
TCP CPQ16143302612:3832 203.143.33.169:microsoft-ds SYN_SENT
TCP CPQ16143302612:3833 203.151.135.203:microsoft-ds SYN_SENT
TCP CPQ16143302612:3834 203.151.135.204:microsoft-ds SYN_SENT
TCP CPQ16143302612:3835 203.143.196.196:microsoft-ds SYN_SENT
TCP CPQ16143302612:3836 203.143.180.28:microsoft-ds SYN_SENT
TCP CPQ16143302612:3837 203.143.43.240:microsoft-ds SYN_SENT
TCP CPQ16143302612:3838 203.151.135.197:microsoft-ds SYN_SENT
TCP CPQ16143302612:3839 203.143.234.68:microsoft-ds SYN_SENT
TCP CPQ16143302612:3840 203.143.85.134:microsoft-ds SYN_SENT
TCP CPQ16143302612:3841 203.151.135.198:microsoft-ds SYN_SENT
TCP CPQ16143302612:3842 203.151.135.199:microsoft-ds SYN_SENT
TCP CPQ16143302612:3843 203.151.135.207:microsoft-ds SYN_SENT
TCP CPQ16143302612:3844 203.143.19.109:microsoft-ds SYN_SENT
TCP CPQ16143302612:3845 203.143.236.30:microsoft-ds SYN_SENT
TCP CPQ16143302612:3846 203.143.250.163:microsoft-ds SYN_SENT
TCP CPQ16143302612:3847 203.151.135.205:microsoft-ds SYN_SENT
TCP CPQ16143302612:3848 203.143.209.205:microsoft-ds SYN_SENT
TCP CPQ16143302612:3849 203.143.127.169:microsoft-ds SYN_SENT
TCP CPQ16143302612:3850 203.151.135.206:microsoft-ds SYN_SENT
TCP CPQ16143302612:3851 203.151.135.208:microsoft-ds SYN_SENT
TCP CPQ16143302612:3852 203.151.135.209:microsoft-ds SYN_SENT
* Posted via http://www.sixfiles.com/forum
Appreciate if someone could help me.
My machine is infected with a worm. When go onto the internet it
randomly connects to a lot of computers on port 445. I've noticed
that when it connects in a similar IP range as mine. For E.g.
203.143.XX.XX
Anyway I've diagnosed this as Sasser worm. Did all the clean ups...
but its still there.
Could u please help me to diagnose this virus and help me remove it.
regards
Zulfer
P.S. I did a NETSTAT and it looks like this
TCP CPQ16143302612:3832 203.143.33.169:microsoft-ds SYN_SENT
TCP CPQ16143302612:3833 203.151.135.203:microsoft-ds SYN_SENT
TCP CPQ16143302612:3834 203.151.135.204:microsoft-ds SYN_SENT
TCP CPQ16143302612:3835 203.143.196.196:microsoft-ds SYN_SENT
TCP CPQ16143302612:3836 203.143.180.28:microsoft-ds SYN_SENT
TCP CPQ16143302612:3837 203.143.43.240:microsoft-ds SYN_SENT
TCP CPQ16143302612:3838 203.151.135.197:microsoft-ds SYN_SENT
TCP CPQ16143302612:3839 203.143.234.68:microsoft-ds SYN_SENT
TCP CPQ16143302612:3840 203.143.85.134:microsoft-ds SYN_SENT
TCP CPQ16143302612:3841 203.151.135.198:microsoft-ds SYN_SENT
TCP CPQ16143302612:3842 203.151.135.199:microsoft-ds SYN_SENT
TCP CPQ16143302612:3843 203.151.135.207:microsoft-ds SYN_SENT
TCP CPQ16143302612:3844 203.143.19.109:microsoft-ds SYN_SENT
TCP CPQ16143302612:3845 203.143.236.30:microsoft-ds SYN_SENT
TCP CPQ16143302612:3846 203.143.250.163:microsoft-ds SYN_SENT
TCP CPQ16143302612:3847 203.151.135.205:microsoft-ds SYN_SENT
TCP CPQ16143302612:3848 203.143.209.205:microsoft-ds SYN_SENT
TCP CPQ16143302612:3849 203.143.127.169:microsoft-ds SYN_SENT
TCP CPQ16143302612:3850 203.151.135.206:microsoft-ds SYN_SENT
TCP CPQ16143302612:3851 203.151.135.208:microsoft-ds SYN_SENT
TCP CPQ16143302612:3852 203.151.135.209:microsoft-ds SYN_SENT
* Posted via http://www.sixfiles.com/forum