
Urgent! Unknown Virus, PC keep on sending to 213.132.196...

 
qazaka

(Msg. 1) Posted: Sat Feb 21, 2004 8:33 pm
Post subject: Urgent! Unknown Virus, PC keep on sending to 213.132.196.211:53 !
Archived from groups: alt>comp>anti-virus

Hi,

I try to install the latest DAT for Norton and scan through the PC,
still cannot clean the 'virus'.

When network connection is up, the 'virus' keep sending/syn to 213.132.196.211:53

anyone can help !!

netstat -an show the activity.


TCP 192.168.1.5:1314 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1315 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1316 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1317 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1318 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1319 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1320 213.132.196.211:53 CLOSING
TCP 192.168.1.5:1329 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1330 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1331 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1332 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1333 213.132.196.211:53 TIME_WAIT
TCP 192.168.1.5:1334 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1335 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1336 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1337 213.132.196.211:53 SYN_SENT
TCP 192.168.1.5:1338 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1339 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1340 213.132.196.211:53 FIN_WAIT_1
TCP 192.168.1.5:1341 213.132.196.211:53 SYN_SENT
TCP 192.168.1.5:1342 213.132.196.211:53 SYN_SENT

Duane Arnold

(Msg. 2) Posted: Sun Feb 22, 2004 4:48 am
Post subject: Re: Urgent! Unknown Virus, PC keep on sending to 213.132.196.211:53 !

qazakax.DeleteThis@yahoo.com (qazaka) wrote in
news:a54c9e1e.0402212033.5adc3fe7@posting.google.com:

> Hi,
>
> I try to install the latest DAT for Norton and scan through the PC,
> still cannot clean the 'virus'.
>
> When network connection is up, the 'virus' keep sending/syn to
> 213.132.196.211:53
>
> anyone can help !!
>
Use Active Ports and Process Explorer; both are free, use Google. You can use
Process Explorer to look inside a running program and see what is using the
running program when you use Active Ports to spot the program/process
making the connection, because another program can be using the running
process on its behalf to get out.

Duane
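
A way to triage a listing like the netstat output in the first post and tie each connection to a process, as the reply above advises. This is an added example, not part of the thread; it assumes the layout of Windows `netstat -ano` (the `-o` column is the owning PID), and the PIDs and the last two rows of the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in `netstat -ano` layout. Addresses follow the thread;
# the PID column and the last two rows are made up for illustration.
SAMPLE = """\
  TCP    192.168.1.5:1314    213.132.196.211:53    TIME_WAIT      0
  TCP    192.168.1.5:1316    213.132.196.211:53    FIN_WAIT_1     1480
  TCP    192.168.1.5:1320    213.132.196.211:53    CLOSING        1480
  TCP    192.168.1.5:1337    213.132.196.211:53    SYN_SENT       1480
  TCP    192.168.1.5:1341    213.132.196.211:53    SYN_SENT       1480
  TCP    192.168.1.5:1350    192.168.1.1:80        ESTABLISHED    2044
  UDP    192.168.1.5:1025    *:*                                  1100
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local_port, remote_ip, remote_port, state, pid) for TCP rows."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rip, rport, state, pid = m.groups()
            yield int(lport), rip, int(rport), state, int(pid)

def suspicious_dns_tcp(text, threshold=4):
    """Flag remote hosts with >= threshold TCP connections to port 53.

    Ordinary lookups use UDP/53; TCP/53 is normally limited to truncated
    answers and zone transfers, so a burst from a desktop deserves a look.
    """
    groups = defaultdict(list)
    for lport, rip, rport, state, pid in parse(text):
        if rport == 53:
            groups[rip].append((lport, state, pid))
    findings = {}
    for rip, conns in groups.items():
        if len(conns) >= threshold:
            # Windows lists TIME_WAIT sockets under PID 0, so skip that value.
            pids = sorted({pid for _, _, pid in conns if pid != 0})
            states = defaultdict(int)
            for _, state, _ in conns:
                states[state] += 1
            findings[rip] = {"count": len(conns), "pids": pids, "states": dict(states)}
    return findings

if __name__ == "__main__":
    for host, info in suspicious_dns_tcp(SAMPLE).items():
        print(host, info)
```

The PID it reports is only the process that owns the socket; if that turns out to be a legitimate host process, look at what is loaded inside it, which is the point of the Process Explorer step.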

sdlomi2

(Msg. 3) Posted: Wed Feb 25, 2004 2:58 am
Post subject: Re: Urgent! Unknown Virus, PC keep on sending to 213.132.196.211:53 !

"qazaka" <qazakax RemoveThis @yahoo.com> wrote in message
news:a54c9e1e.0402212033.5adc3fe7@posting.google.com...
> Hi,
>
> I try to install the latest DAT for Norton and scan through the PC,
> still cannot clean the 'virus'.
>
> When network connection is up, the 'virus' keep sending/syn to
> 213.132.196.211:53
>
> anyone can help !!
>
> netstat -an show the activity.
>
>
> TCP 192.168.1.5:1314 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1315 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1316 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1317 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1318 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1319 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1320 213.132.196.211:53 CLOSING
> TCP 192.168.1.5:1329 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1330 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1331 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1332 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1333 213.132.196.211:53 TIME_WAIT
> TCP 192.168.1.5:1334 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1335 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1336 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1337 213.132.196.211:53 SYN_SENT
> TCP 192.168.1.5:1338 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1339 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1340 213.132.196.211:53 FIN_WAIT_1
> TCP 192.168.1.5:1341 213.132.196.211:53 SYN_SENT
> TCP 192.168.1.5:1342 213.132.196.211:53 SYN_SENT
Since I was hit last week--hard, I cannot even boot!--my reading hints
you've got a Trojan left over from MyDoom. Think I remember the 'b' version
overwrites the 'a' version and keeps the ports open for "trojan" control,
whatever that is. Do Google for MyDoom virus and narrow down to ports 1314
thru 1342. May find what u have plus how to clean it--almost sure there
were both there. HTH, sdlomi
I. Care

(Msg. 4) Posted: Wed Mar 03, 2004 9:14 pm
Post subject: Re: Urgent! Unknown Virus, PC keep on sending to 213.132.196.211:53 !

In article <103olda4fg0vpcc DeleteThis @corp.supernews.com>, sdlomi2 DeleteThis @yahoo.net
says...
>
> "qazaka" <qazakax DeleteThis @yahoo.com> wrote in message
> news:a54c9e1e.0402212033.5adc3fe7@posting.google.com...
> > Hi,
> >
> > I try to install the latest DAT for Norton and scan through the PC,
> > still cannot clean the 'virus'.
> >
> > When network connection is up, the 'virus' keep sending/syn to
> > 213.132.196.211:53
> >
> > anyone can help !!
> >
> > netstat -an show the activity.
> >
> >
> > TCP 192.168.1.5:1314 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1315 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1316 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1317 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1318 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1319 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1320 213.132.196.211:53 CLOSING
> > TCP 192.168.1.5:1329 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1330 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1331 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1332 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1333 213.132.196.211:53 TIME_WAIT
> > TCP 192.168.1.5:1334 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1335 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1336 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1337 213.132.196.211:53 SYN_SENT
> > TCP 192.168.1.5:1338 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1339 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1340 213.132.196.211:53 FIN_WAIT_1
> > TCP 192.168.1.5:1341 213.132.196.211:53 SYN_SENT
> > TCP 192.168.1.5:1342 213.132.196.211:53 SYN_SENT
> Since I was hit last week--hard, I cannot even boot!--my reading hints
> you've got a Trojan left over from MyDoom. Think I remember the 'b' version
> overwrites the 'a' version and keeps the ports open for "trojan" control,
> whatever that is. Do Google for MyDoom virus and narrow down to ports 1314
> thru 1342. May find what u have plus how to clean it--almost sure there
> were both there. HTH, sdlomi
>
>
>
A check with visual trace on 213.132.196.211 reveals the following
information.

Name: redir.myredir.com
IP Address: 213.132.196.211
Location: 's-Hertogenbosch (51.767N, 5.533E)
Network: RIPE-213

Registrant:
Redirect 1
Winter (winter@mail-eye.com)
somewhere in Moscow
Moscow
RU,29749
RU
Tel. +095.3649780


Creation Date: 02-Feb-2004
Expiration Date: 02-Feb-2005

Domain servers in listed order:
ns1.myredir.com
ns2.myredir.com


Administrative Contact:
Redirect 1
Winter (winter@mail-eye.com)
somewhere in Moscow
Moscow
RU,29749
RU
Tel. +095.3649780

Technical Contact:
Redirect 1
Winter (winter@mail-eye.com)
somewhere in Moscow
Moscow
RU,29749
RU
Tel. +095.3649780

Billing Contact:
Redirect 1
Winter (winter@mail-eye.com)
somewhere in Moscow
Moscow
RU,29749
RU
Tel. +095.3649780

Status:ACTIVE

The registrar of record is DirectI.