Educause Security Discussion mailing list archives

Re: Strange virus/worm/trojan on 135/445


From: Steven Alexander <alexander.s () MCCD EDU>
Date: Wed, 24 Nov 2004 09:29:50 -0800

Some trojans reinsert themselves into the registry during shutdown.  It
may be helpful to clean the registry and then perform a hard reboot
rather than allow the system to shut down normally.

Steven

-----Original Message-----
From: Jeff Kell [mailto:jeff-kell () UTC EDU] 
Sent: Tuesday, November 23, 2004 9:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Strange virus/worm/trojan on 135/445


Last week I posted about a strange "infection" on a few dozen local
systems that were probing random addresses in the same /8 subnet as the
victim host on tcp/135.  Last Friday we started to see similar behavior
from other systems except probing tcp/445.  Here is the relevant data
collected thus far:

<snip>
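
Added example, not part of the original messages: one way to spot the behavior described above (a host probing many different addresses in its own /8 on tcp/135 or tcp/445) in flow records. The record format "src dst proto/port", the threshold of 25 distinct targets, and all addresses are assumptions constructed for illustration; the input is taken to cover a single observation window.

```python
import ipaddress
from collections import defaultdict

WATCHED_PORTS = {135, 445}   # the two ports named in the thread
MIN_TARGETS = 25             # assumed threshold; tune to your network

def find_probers(flows, min_targets=MIN_TARGETS):
    """Return {(src, port): n}, n = distinct destinations probed in src's own /8."""
    targets = defaultdict(set)
    for line in flows:
        parts = line.split()
        if len(parts) != 3:
            continue                                  # malformed record
        src, dst, service = parts
        proto, _, port = service.partition("/")
        if proto != "tcp":
            continue
        try:
            port_no = int(port)
            src_ip = ipaddress.IPv4Address(src)
            dst_ip = ipaddress.IPv4Address(dst)
        except ValueError:
            continue                                  # bad port or address
        if port_no not in WATCHED_PORTS:
            continue
        if int(src_ip) >> 24 == int(dst_ip) >> 24:    # same first octet: same /8
            targets[(src, port_no)].add(dst_ip)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}

def constructed_flows():
    """Constructed sample records (not data from the thread)."""
    flows = ["this line is not a flow record"]
    # Two hosts fanning out across their own /8 on the watched ports.
    flows += [f"10.20.30.40 10.{i}.{i}.{i + 1} tcp/445" for i in range(1, 41)]
    flows += [f"10.20.31.7 10.{i}.0.{i} tcp/135" for i in range(1, 31)]
    # Ordinary client talking repeatedly to a single file server.
    flows += ["10.20.30.50 10.1.1.10 tcp/445"] * 50
    # Wide fan-out on an unwatched port, and fan-out outside the source's /8.
    flows += [f"10.20.30.60 10.{i}.5.5 tcp/80" for i in range(1, 41)]
    flows += [f"10.20.30.70 192.168.{i}.9 tcp/445" for i in range(1, 41)]
    return flows

if __name__ == "__main__":
    for (src, port), count in sorted(find_probers(constructed_flows()).items()):
        print(f"{src} probed {count} distinct same-/8 hosts on tcp/{port}")
```

Counting distinct destinations rather than total connections keeps a busy client of one file server from being flagged.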
