Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Port 445 is getting hammered internally

Sep 16 04 3:23 pm

Hi,

I have a Windows 2000 server running WinGate 5.x with 12 Windows XP workstations on a domain. I am having a problem where port 445 is getting hammered from the inside of my network. I have recently installed Windows XP SP2 and run updated virus scans on all computers, because I thought it might have been the Sasser virus, with no success. Can anyone shed any light on what might be happening?

Take a look:

http://www.sympact.com.au/images/ee/wingate.gif

Any help would be greatly appreciated.

Sep 16 04 4:04 pm

That does look like a worm trying to propagate. Does your virus scanner include scans for trojans, etc.?

Sep 16 04 4:04 pm

It can be a trojan running on your network - can you make a snapshot of processes running on one of the client machines overusing port 445 and send it to me?

Sep 16 04 6:38 pm

I had the same problem before and was forced to update XP SP2.
We later found out that many of our computers were infected with ws32/sdbot.worm.gen.y. Files that were infected are bling.exe, o.exe and winu32.exe (all in c:\windows\system32). You will notice winu32 running as a task, and manually stopping it will also stop the port 445 activity.

If you are using McAfee, update DAT and restart in safe mode, then make a full scan. Don't forget to disable system restore.
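One way to find which internal machines are generating the port 445 traffic discussed in this thread, as an added example that is not from any of the posters: it flags sources that contact many distinct hosts on TCP 445 within a short window. The log line format, the 60-second window and the threshold are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not WinGate's own):
#   "YYYY-MM-DD HH:MM:SS src_ip -> dst_ip:dst_port"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+(?:\.\d+){3}) -> (\d+(?:\.\d+){3}):(\d+)$"
)

def parse(lines):
    """Yield (time, src, dst) for well-formed records aimed at port 445."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(4) == "445":
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield when, m.group(2), m.group(3)

def noisy_sources(lines, window=timedelta(seconds=60), min_targets=5):
    """Return {src: peak distinct 445 targets inside any one window}
    for sources whose peak reaches min_targets."""
    by_src = defaultdict(list)
    for when, src, dst in parse(lines):
        by_src[src].append((when, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the left edge until the span is at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

# Constructed sample: .23 sweeps many addresses on 445, .31 only talks to the server.
SAMPLE = [f"2004-09-16 15:20:{i:02d} 192.168.0.23 -> 10.4.{i}.7:445" for i in range(8)]
SAMPLE += [f"2004-09-16 15:2{i}:00 192.168.0.31 -> 192.168.0.1:445" for i in range(6)]
SAMPLE += ["2004-09-16 15:20:09 192.168.0.23 -> 192.168.0.1:80", "garbage line"]

if __name__ == "__main__":
    for src, peak in sorted(noisy_sources(SAMPLE).items()):
        print(f"{src}: {peak} distinct hosts on 445 within 60s")
```

A workstation that only uses file sharing with the server stays at one distinct target and is not flagged, so the flagged addresses are the machines to inspect first.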