Thousands of internet sessions from an XP Pro machine
in [Security]
|
From: zaz on 12 Apr 2010 10:26 A client of ours has one XP workstation that is attempting to open thousands of internet sessions. This has the affect of flooding the network with unnessary traffic. This was causing the old Netgear router to crash and we have replaced it with a more sophisticated Draytek which has identified this XP machine as the source of the network traffic. We have put a restriction on their router to prevent this machine from opening up too many connections, which helps the other users on their network, but this machine needs to be stopped from doing this. I have used the usual suspects (Process Explorer, Auto Runs, AVG, MalwareBytes), but am unable to find the culprit on the machine that is causing the problem. Can anyone suggest other utilities, procedures to go through that might help. Other than rebuilding the machine?
From: Leonard Grey on 12 Apr 2010 11:25 If you're not able to discover and remove the malware - and it ain't easy, these days - you'll have to re-build the workstation. If it was my shop, and a client was opening thousands of connections, I would take the machine offline (from the internet and the network) immediately. --- Leonard Grey Errare humanum est zaz wrote: > A client of ours has one XP workstation that is attempting to open thousands > of internet sessions. This has the affect of flooding the network with > unnessary traffic. This was causing the old Netgear router to crash and we > have replaced it with a more sophisticated Draytek which has identified this > XP machine as the source of the network traffic. We have put a restriction > on their router to prevent this machine from opening up too many connections, > which helps the other users on their network, but this machine needs to be > stopped from doing this. > > I have used the usual suspects (Process Explorer, Auto Runs, AVG, > MalwareBytes), but am unable to find the culprit on the machine that is > causing the problem. Can anyone suggest other utilities, procedures to go > through that might help. Other than rebuilding the machine? >
From: "FromTheRafters" erratic on 12 Apr 2010 12:17 "zaz" <bramblewood(a)noemail.noemail> wrote in message news:33BB135C-A654-429C-9A7F-561C2C3A7F7C(a)microsoft.com... >A client of ours has one XP workstation that is attempting to open >thousands > of internet sessions. This has the affect of flooding the network > with > unnessary traffic. This was causing the old Netgear router to crash > and we > have replaced it with a more sophisticated Draytek which has > identified this > XP machine as the source of the network traffic. We have put a > restriction > on their router to prevent this machine from opening up too many > connections, > which helps the other users on their network, but this machine needs > to be > stopped from doing this. > > I have used the usual suspects (Process Explorer, Auto Runs, AVG, > MalwareBytes), but am unable to find the culprit on the machine that > is > causing the problem. Can anyone suggest other utilities, procedures > to go > through that might help. Physically unplug it from the network! > Other than rebuilding the machine? Rebuilding *shouldn't* be that difficult.
From: Twayne on 13 Apr 2010 15:57 In news:33BB135C-A654-429C-9A7F-561C2C3A7F7C(a)microsoft.com, zaz <bramblewood(a)noemail.noemail> typed: > A client of ours has one XP workstation that is attempting > to open thousands of internet sessions. This has the > affect of flooding the network with unnessary traffic. > This was causing the old Netgear router to crash and we > have replaced it with a more sophisticated Draytek which > has identified this XP machine as the source of the network > traffic. We have put a restriction on their router to > prevent this machine from opening up too many connections, > which helps the other users on their network, but this > machine needs to be stopped from doing this. > > I have used the usual suspects (Process Explorer, Auto > Runs, AVG, MalwareBytes), but am unable to find the culprit > on the machine that is causing the problem. Can anyone > suggest other utilities, procedures to go through that > might help. Other than rebuilding the machine? Once you have that machine rebuilt, which is probably your only option, you should make backup startegies a priority issue. If that client had a backup in place he could spend probably a half hour instead of 2+ days to get it all back in place. And there WILL BE a next time a backup will be needed, regardless of attitudes and opinions. HTH, Twayne`
|
Pages: 1 Prev: patchregcleanup-x86.exe Next: Making internal drives read-only |