Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Lots of traffic on port 1472 from explorer

From: "Brent Colflesh" <brent.colflesh () ulticom com>
Date: Tue, 21 Sep 2004 16:21:16 -0400
Keylogger?
http://www.pestpatrol.com/pestinfo/k/klp32.asp

Regards,
Brent

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Giuseppe
Milicia
Sent: Tuesday, September 21, 2004 3:14 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Lots of traffic on port 1472 from explorer


Hi guys,

from a home computer I'm seeing lots of traffic generated from
explorer on port 1472 towards the microsoft-ds port, typically
on IP addresses starting with 35.xx.xx.xx

It looks like a worm but I could not find any references around
and Trend Micro detects nothing.

Also there is some hidden process oakklp32.exe which is not shown
by the taskmanager but is costantly active, again I could not
find anything about it!

Ideas? Clues?

Thanks,

--
Giuseppe

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.762 / Virus Database: 510 - Release Date: 9/13/2004

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: