Shadow IP Address Backdoor - Help

Discussion in 'malware problems & news' started by element au, Apr 28, 2006.

  1. element au

    element au Registered Member

    Apr 28, 2006
    Hello all:

I have a Windows 2000 Pro machine with all patches up to date (SP4), firewalled (Sygate), virus protected (Norton 06), and Port Monitor.

When I bring the machine up (DHCP mode), it grabs two addresses from my router, and hides one on the machine, using it to redirect all network requests through it. The second address is one number higher (last octet) and starts attempting to reach a few faked IP addresses. One is at Sun Micro and the other two are at NASA.

I've removed or disabled all users on the box that are not necessary, changed all the passwords, run Baseline and followed all its suggestions. Whatever this is, it gets fired off by ntoskrnl.exe.

When I change to a static IP address, the machine can no longer find the router/network.

    Thanks in advance for your help and suggestions.

    Last edited: Apr 28, 2006
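A defender-side cross-check for the symptom described above (one host holding a second, undisplayed DHCP address one octet higher), written as an added example that is not code from this thread or from any product named in it. It parses a constructed sample in the layout of Windows 2000 `ipconfig /all` output together with a constructed router DHCP lease table, then reports adapters that hold more than one address, addresses the router has leased to the host's MAC that `ipconfig` does not display, and adjacent leased addresses. The hostname, adapter name, MAC addresses and IPs are all made up for the example.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of Windows 2000 `ipconfig /all` output
# (hostname, adapter name and MAC are made up for this example).
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : w2kpro
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com EtherLink XL
        Physical Address. . . . . . . . . : 00-01-02-03-04-05
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
"""

# Constructed sample of the router's DHCP lease table as (MAC, IP) pairs.
# Two leases for the same MAC is the symptom the post describes.
SAMPLE_LEASES = [
    ("00-01-02-03-04-05", "192.168.1.100"),
    ("00-01-02-03-04-05", "192.168.1.101"),
    ("00-0a-0b-0c-0d-0e", "192.168.1.50"),
]


@dataclass
class Adapter:
    name: str
    mac: str = ""
    dhcp: bool = False
    ips: list = field(default_factory=list)


# "Ethernet adapter Local Area Connection:" -> adapter name
ADAPTER_RE = re.compile(r"^\S.*adapter (.+):$")
# "        IP Address. . . . . . . . . . . . : 192.168.1.100" -> (key, value)
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z\- ]*?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Return the adapters listed in `ipconfig /all` output with MAC, DHCP flag and IPs."""
    adapters = []
    current = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = Adapter(name=m.group(1))
            adapters.append(current)
            continue
        if current is None:  # global header lines before the first adapter
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Physical Address":
            current.mac = value.lower()
        elif key == "DHCP Enabled":
            current.dhcp = (value == "Yes")
        elif key == "IP Address":
            current.ips.append(value)
    return adapters


def audit(adapters, leases):
    """Cross-check what the host shows against what the router has leased."""
    leases_by_mac = {}
    for mac, ip in leases:
        leases_by_mac.setdefault(mac.lower(), set()).add(ip)

    findings = []
    for a in adapters:
        if len(a.ips) > 1:
            findings.append(f"{a.name}: holds {len(a.ips)} addresses {sorted(a.ips)}")
        leased = leases_by_mac.get(a.mac, set())
        if a.dhcp and len(leased) > 1:
            findings.append(f"{a.name}: router has {len(leased)} DHCP leases for {a.mac}: {sorted(leased)}")
        # An address the router leased to this MAC but ipconfig does not show is
        # the "hidden" address the post describes.
        hidden = leased - set(a.ips)
        if hidden:
            findings.append(f"{a.name}: leased to {a.mac} but not shown by ipconfig: {sorted(hidden)}")
        # Adjacent addresses (last octet differs by one) across host and router views.
        ints = sorted(int(ipaddress.IPv4Address(ip)) for ip in leased | set(a.ips))
        for lo, hi in zip(ints, ints[1:]):
            if hi - lo == 1:
                findings.append(f"{a.name}: consecutive addresses "
                                f"{ipaddress.IPv4Address(lo)} and {ipaddress.IPv4Address(hi)}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_ipconfig(SAMPLE_IPCONFIG), SAMPLE_LEASES):
        print(finding)
```

On a real machine you would feed the script the saved output of `ipconfig /all` and the lease table exported from the router; the point of checking both sides is that a host-resident rootkit can hide an address from local tools, but it cannot remove the lease from the router's table.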
  2. Bubba

    Bubba Updates Team

    Apr 15, 2002
I'll stand corrected... but I believe ntoskrnl.exe should never appear in TaskMan. So where are you seeing that process?
  3. emir

    emir Registered Member

    Dec 21, 2005
I am far from an expert, but Norton is not efficient at all; there are methods for hackers on how to disable Norton all over the internet. I strongly suggest Anti-Vir Anti-Virus Personal Edition or F-Prot Antivirus, or AVG, which is even coming back fairly strong. Also, you are attracting more attention by opening up more ports with services running on them, basically opening yourself up for attack in more ways with Port Monitor. Sygate is an excellent firewall still to this day, if you mean you have the stand-alone version, not the one that comes with Norton. You need app-defend/reg-defend or Process Guard once you clean your system (preferably reformat the hard drive). If you do not want to do this, you must try The Cleaner from MooSoft or Trojan Remover. I suggest scouring for a stand-alone scanner which is highly rated, so you don't have to install it and take the chance of it being disabled before you clean the system, or of it being able to hide itself, since it has already possibly got its way around your system, because this process, like the man said, should not show up in Task Manager.
