G
Guest
Guest
Archived from groups: comp.security.firewalls (More info?)
A friend of mine openned an email from which had a virus attached to
it. After doing a complete virus scan, trojan scan and a reboot, I
did a "netstat -a" to check and see if I had anything suspicious
attempting connections to the net or vice-versa, here's a part of what
it spit out:
TCP inspiron:1049 www.milfseeker.com:1041 TIME_WAIT
TCP inspiron:1051 www.milfseeker.com:1041 TIME_WAIT
The reason why it is now in time_wait state is because I blocked that
URL with my firewall after seeing the URL in the netstat. I am trying
to figure out what application is launching this connection attempt.
My firewall does not detect a new app attempting to access the net
which makes me think the virus has piggy backed itself to an
authorized application. I've done several reboots and after I do a
netstat, the connection attempts are still being done. Any insite
will be appreciated. Thanx.
BTW, milfseeker.com is a porn site.
A friend of mine openned an email from which had a virus attached to
it. After doing a complete virus scan, trojan scan and a reboot, I
did a "netstat -a" to check and see if I had anything suspicious
attempting connections to the net or vice-versa, here's a part of what
it spit out:
TCP inspiron:1049 www.milfseeker.com:1041 TIME_WAIT
TCP inspiron:1051 www.milfseeker.com:1041 TIME_WAIT
The reason why it is now in time_wait state is because I blocked that
URL with my firewall after seeing the URL in the netstat. I am trying
to figure out what application is launching this connection attempt.
My firewall does not detect a new app attempting to access the net
which makes me think the virus has piggy backed itself to an
authorized application. I've done several reboots and after I do a
netstat, the connection attempts are still being done. Any insite
will be appreciated. Thanx.
BTW, milfseeker.com is a porn site.