Hi,
I have a Windows 2000 sever running wingate 5.x with 12 Windows XP workstations on a domian, I am having a problem where port 445 is getting hammered from the inside of my network. I have recently installed Windows XP SP2 and run updated virus scans on all computers because I thought it might have been the sasser virus with no success. Can anyone shed any light on what might be happening.
take a look:
http://www.sympact.com.au/images/ee/wingate.gif
Any help would be greatly appreciated.
Port 445 is getting hammered internaly
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Port 445 is getting hammered internaly
by Sympact » Sep 16 04 3:23 pm
- Sympact
- Posts: 3
- Joined: Oct 14 03 8:50 pm
by jiandc » Sep 16 04 6:38 pm
I had thesame problem before and was forced to update XP SP2.
We later found out that many of our computers were infected with ws32/sdbot.worm.gen.y. Files that were infected are bling.exe, o.exe and winu32.exe (all in c:\windows\system32). You will notice winu32 running as a task, and manually stoping it will also stop the port 445 activity.
If you are using McAfee, update DAT and restart in safemode then make a full scan. Don't forget to disable system restore.
We later found out that many of our computers were infected with ws32/sdbot.worm.gen.y. Files that were infected are bling.exe, o.exe and winu32.exe (all in c:\windows\system32). You will notice winu32 running as a task, and manually stoping it will also stop the port 445 activity.
If you are using McAfee, update DAT and restart in safemode then make a full scan. Don't forget to disable system restore.
- jiandc
- Posts: 85
- Joined: May 11 04 12:47 am
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest