nine, I happen to notice your Seccheck submission to my system...we just released v2.1 of SecCheck and are having some intermittent submission...
I don't have removal instructions but this describes the worm and most importantly how to close the security hole that IO uses:...
I've seen Warez pirates rename Serv-u-FTP as that file...though it is usually put in a non windows directory...for example: Fport output: 844...
Dude..you can't fix this problem with dis-infection alone...you'll just get re-infected within minutes of connecting to the Internet: See:...
I'd really like to know where that number came from "reported" by who. I'm getting the impression that people are using the udp/137 port scan...
I believe Opasoft is real...suspect Bugbear is being overhyped: http://www.mynetwatchman.com/kb/security/articles/opasoft/cumulative.htm...
Re:Linux/Slapper-A --Cure has been found! I do commend F-Secure for taking that action, but believe they have overstated the uniqueness of that...
I called samspade's owner on the statements he makes about firewalls. We both agree that current Firewalls do an extremely poor job of...
The infected host was in an academic environment. This has to be the most challenging for a security administrator...the whole "default deny"...
I am by no means against AV, however, I think way too many users think of it as a comprehensive solution...when for some types of attacks it...
..this one is pretty nasty..I sent the following email out to about 20 different organizations that were involved in this incident: FYI, We...
NAT provides firewall-like properties by following a simple rule...inbound packets are blocked, unless there is an existing connection that was...
Are you using Bring-your-own-access AOL? If so, then you will get a second IP address from AOL which is what web sites on the Internet will see...
Do you obtain your IP via DHCP? If so it's likely *sticky* vs. static. Email me if you're interested in experimenting..I've been working on...
This is absolutely the case, however, it is also why it IS valuable to report it...so that the infected person can be notified. By my estimate...
Port 6346 is typically associated with the p2p file sharing protocol Gnutella. The only reason you're getting probed is because the previous user...
How is your Cable modem connected to your computer? If by USB, then it's a USB cable modem. If by Ethernet, then it's an Ethernet cable modem...
Is there a way to quickly find the threads that I've posted to?
I'm most concerned with *domain* Whois records. For North America this is maintained by ARIN (hence whois.arin.net). It is ultimately the...
Sorry for the delay..I haven't figured out how to get a list of active posts on this forum...hard to keep track. myNetWatchman sends about 75,000...
Snowy...would be glad to help you pull a packet trace and analyze this if u'r interested..message me and see:...
Not exactly. Yes, netstat will show you the sites that you are connecting to. However, connecting to ONE web site, often results in *many*...
The activity I'm looking at all has a *source* UDP port of 1239...destination of random. I doubt your UDP activity was lop.com related, unless...
Re:C2Media - MP3search.com warning http://www.pcworld.com/news/article/0,aid,101916,00.asp Last paragraph from above link: Britain-based C2...
Re:JimmySurf?? The payload of these UDP probes makes references to the following URL: http://rub.to/pops/jimmy.html Clicking on the image...