Educause Security Discussion mailing list archives
Re: Strange virus/worm/trojan on 135/445
From: Steven Alexander <alexander.s () MCCD EDU>
Date: Wed, 24 Nov 2004 09:29:50 -0800
Some trojans reinsert themselves into the registry during shutdown. It may be helpful to clean the registry and then perform a hard reboot rather than allow the system to shutdown normally. Steven
-----Original Message----- From: Jeff Kell [mailto:jeff-kell () UTC EDU] Sent: Tuesday, November 23, 2004 9:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Strange virus/worm/trojan on 135/445 Last week I posted about a strange "infection" on a few dozen local systems that were probing random addresses in the same /8 subnet as the
victim host on tcp/135. Last Friday we started to see similar behavior
from other systems except probing tcp/445. Here is the relevant data collected thus far:
<snip> ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Strange virus/worm/trojan on 135/445 Jeff Kell (Nov 23)
- <Possible follow-ups>
- Re: Strange virus/worm/trojan on 135/445 Wayne J. Hauber (Nov 24)
- Re: Strange virus/worm/trojan on 135/445 Steven Alexander (Nov 24)