Prev: Locked out
Next: Issues with network
From: David H. Lipman on 29 Jun 2010 06:42
From: "Anonymous" <nobody(a)remailer.paranoici.org>

| Thanks in advance for anyone who can tell me what exploit this is or
| what hacker program is being used.

| Incoming P137;138 packets from other computers on a wireless WAN

| Able to change XP(Sp2) Network settings to enable file sharing and
| change DNS servers. If port 137;138 are blocked by software firewall,
| still occurs, probably using another port.

| Virus check using Avira , online trendmicro house call and sophos
| rootkit checker shows no infection.


Why are you not using SP3 on WinXP ?

TCP ports 137 and 138 are NetBIOS over IP and does not necessarily mean a malware
infection. This could just be nodes chattering amongst themselves.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Dustin Cook on 29 Jun 2010 17:18
Anonymous <nobody(a)remailer.paranoici.org> wrote in
news:f45c12fa6dc6e5eb7844b56676fce1c3(a)remailer.paranoici.org:

> Thanks in advance for anyone who can tell me what exploit this is or
> what hacker program is being used.
>
> Incoming P137;138 packets from other computers on a wireless WAN
>
> Able to change XP(Sp2) Network settings to enable file sharing and
> change DNS servers. If port 137;138 are blocked by software firewall,
> still occurs, probably using another port.
>
> Virus check using Avira , online trendmicro house call and sophos
> rootkit checker shows no infection.
>
>

Hmm. fire up wireshark on your local machines and see what process is doing
what.


--
I'm just an ordinary average guy. My friends are all boring, and so am
I. We're just ordinary average guys. We all lead ordinary lives, with
average kids and average wifes. We all go bowling at the bowling lanes;
drink a few beers bowl a few frames. We're just ordinary average guys.
 | 
Pages: 1
Prev: Locked out
Next: Issues with network