-
3 個附加檔案
【病毒】請告知中了何種病毒?一直傳送郵件
[SIZE="3"][/SIZE]:( 1. 如附件[ 用 Tcpview 監看的].
2. 一連線沒多久, svchost:1344 [重新連線就不一定1344] 就一直增加外侵者. 有時會一直重送郵件.
3. 用 norton 掃描無發現病毒. 用其他線上掃毒依然掃不到病毒.
4. 請高手幫忙
5. 附件內容如下:
用 Tcpview 監看如下:
[SIZE="3"]Process-------------- Protocl-----Local Address---Remote Address-------------state
[System Process]:0 TCP y00x:6811 eztexting.com:3034 TIME_WAIT
[System Process]:0 TCP y00x:6811 52.e3.344a.static.theplanet.com:4532 TIME_WAIT
[System Process]:0 TCP y00x:1032 localhost:2428 TIME_WAIT
CCAPP.EXE:3480 TCP y00x:2436 mta5.grp.scd.yahoo.com:smtp ESTABLISHED
svchost.exe:1344 TCP y00x:6811 y00x:0 LISTENING
svchost.exe:1344 TCP y00x:2004 pwfwd-v01.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2008 ev1s-209-62-20-192.ev1servers.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2009 web2.4wdns.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2010 64.8.20.50:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2251 212.150.164.19:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2252 74-52-77-50.webbytechnologies.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2253 a100.nthosting.ru:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2254 leapcash.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:1813 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2255 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2256 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2368 eris.diyhost.co.uk:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2415 parkwebwin-v02.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2417 18.64.232.72.static.reverse.ltdomains.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2422 mars.getpaidsolutions.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2427 217.174.104.187:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2435 :1032 FIN_WAIT2
svchost.exe:1344 TCP y00x:2442 [COLOR="Red"]mail.ol7.com:http [/COLOR] CLOSE_WAIT[/SIZE]
Thanks
-
回覆: 【病毒】請告知中了何種病毒?一直傳送郵件
[QUOTE=a007;984193][SIZE="3"][/SIZE]:( 1. 如附件[ 用 Tcpview 監看的].
2. 一連線沒多久, svchost:1344 [重新連線就不一定1344] 就一直增加外侵者. 有時會一直重送郵件.
3. 用 norton 掃描無發現病毒. 用其他線上掃毒依然掃不到病毒.
4. 請高手幫忙
5. 附件內容如下:
用 Tcpview 監看如下:
[SIZE="3"]Process-------------- Protocl-----Local Address---Remote Address-------------state
[System Process]:0 TCP y00x:6811 eztexting.com:3034 TIME_WAIT
[System Process]:0 TCP y00x:6811 52.e3.344a.static.theplanet.com:4532 TIME_WAIT
[System Process]:0 TCP y00x:1032 localhost:2428 TIME_WAIT
CCAPP.EXE:3480 TCP y00x:2436 mta5.grp.scd.yahoo.com:smtp ESTABLISHED
svchost.exe:1344 TCP y00x:6811 y00x:0 LISTENING
svchost.exe:1344 TCP y00x:2004 pwfwd-v01.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2008 ev1s-209-62-20-192.ev1servers.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2009 web2.4wdns.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2010 64.8.20.50:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2251 212.150.164.19:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2252 74-52-77-50.webbytechnologies.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2253 a100.nthosting.ru:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2254 leapcash.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:1813 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2255 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2256 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2368 eris.diyhost.co.uk:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2415 parkwebwin-v02.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2417 18.64.232.72.static.reverse.ltdomains.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2422 mars.getpaidsolutions.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2427 217.174.104.187:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2435 :1032 FIN_WAIT2
svchost.exe:1344 TCP y00x:2442 [COLOR="Red"]mail.ol7.com:http [/COLOR] CLOSE_WAIT[/SIZE]
Thanks[/QUOTE]
看起來很像我前幾天中的,連他連線的網址都很像...
我最後是true image...
