【病毒】請告知中了何種病毒?一直傳送郵件

a007 · 09:58 AM

1. 如附件[ 用 Tcpview 監看的].

2. 一連線沒多久, svchost:1344 [重新連線就不一定1344] 就一直增加外侵者. 有時會一直重送郵件.

3. 用 norton 掃描無發現病毒. 用其他線上掃毒依然掃不到病毒.

4. 請高手幫忙

5. 附件內容如下:

用 Tcpview 監看如下:

Process-------------- Protocl-----Local Address---Remote Address-------------state

[System Process]:0 TCP y00x:6811 eztexting.com:3034 TIME_WAIT
[System Process]:0 TCP y00x:6811 52.e3.344a.static.theplanet.com:4532 TIME_WAIT
[System Process]:0 TCP y00x:1032 localhost:2428 TIME_WAIT

CCAPP.EXE:3480 TCP y00x:2436 mta5.grp.scd.yahoo.com:smtp ESTABLISHED

svchost.exe:1344 TCP y00x:6811 y00x:0 LISTENING
svchost.exe:1344 TCP y00x:2004 pwfwd-v01.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2008 ev1s-209-62-20-192.ev1servers.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2009 web2.4wdns.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2010 64.8.20.50:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2251 212.150.164.19:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2252 74-52-77-50.webbytechnologies.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2253 a100.nthosting.ru:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2254 leapcash.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:1813 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2255 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2256 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2368 eris.diyhost.co.uk:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2415 parkwebwin-v02.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2417 18.64.232.72.static.reverse.ltdomains.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2422 mars.getpaidsolutions.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2427 217.174.104.187:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2435 :1032 FIN_WAIT2
svchost.exe:1344 TCP y00x:2442 mail.ol7.com:http CLOSE_WAIT
Thanks

direction

引用:

作者: a007

1. 如附件[ 用 Tcpview 監看的].

2. 一連線沒多久, svchost:1344 [重新連線就不一定1344] 就一直增加外侵者. 有時會一直重送郵件.

3. 用 norton 掃描無發現病毒. 用其他線上掃毒依然掃不到病毒.

4. 請高手幫忙

5. 附件內容如下:

用 Tcpview 監看如下:

Process-------------- Protocl-----Local Address---Remote Address-------------state

[System Process]:0 TCP y00x:6811 eztexting.com:3034 TIME_WAIT
[System Process]:0 TCP y00x:6811 52.e3.344a.static.theplanet.com:4532 TIME_WAIT
[System Process]:0 TCP y00x:1032 localhost:2428 TIME_WAIT

CCAPP.EXE:3480 TCP y00x:2436 mta5.grp.scd.yahoo.com:smtp ESTABLISHED

svchost.exe:1344 TCP y00x:6811 y00x:0 LISTENING
svchost.exe:1344 TCP y00x:2004 pwfwd-v01.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2008 ev1s-209-62-20-192.ev1servers.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2009 web2.4wdns.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2010 64.8.20.50:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2251 212.150.164.19:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2252 74-52-77-50.webbytechnologies.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2253 a100.nthosting.ru:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2254 leapcash.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:1813 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2255 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2256 localhost:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2368 eris.diyhost.co.uk:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2415 parkwebwin-v02.prod.mesa1.secureserver.net:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2417 18.64.232.72.static.reverse.ltdomains.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2422 mars.getpaidsolutions.com:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2427 217.174.104.187:http CLOSE_WAIT
svchost.exe:1344 TCP y00x:2435 :1032 FIN_WAIT2
svchost.exe:1344 TCP y00x:2442 mail.ol7.com:http CLOSE_WAIT
Thanks

看起來很像我前幾天中的，連他連線的網址都很像...
我最後是true image...