Archived from groups: microsoft.public.win2000.security
For future reference you can also use free tools such as TCPView, Process Explorer,
and Autoruns from SysInternals to view port to process mappings. Process Explorer will
give much more detailed info on processes while Autoruns will show startup programs
configured on your computer.
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
You also need to take steps to harden your computer from future problems and a clean
install is the best place to start from but that is your decision. The links below
will be helpful. Be sure to use complex passwords on your server, and use the IIS
Lockdown tool after backing up the server including the System State and the IIS
configuration as you can in the IIS Management Console. --- Steve
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=dde9efc0-bb30-47eb-9a61-fd755d23cdec&displaylang=en
http://www.microsoft.com/technet/security/chklist/w2ksvrcl.mspx
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/tips/iis5chk.mspx
<anonymous@discussions.microsoft.com> wrote in message
news:305c01c49fef$6d9025a0$a501280a@phx.gbl...
> hi guys
>
> thank you very much for your help... i have downloaded the
> ethereal and now i am monitoring... will get back soon ...
> and i use norton antivirus in my office ... i scanned for
> virus and it did not show anything ... as per your
> instruction i went to http://housecall.trendmicro.com/ and
> scanned my server ... it is currently showing some
> trojans and still it is scanning ... i guess this might
> solve the problem ... i once again thank you very much for
> sparing your valuable time for me..
>
>>-----Original Message-----
>>
>>anonymous@discussions.microsoft.com wrote:
>>| hi
>>|
>>| thanks for the Ethereal suggestion ... i got antivirus
>>| scanner and it is up to date. i scanned for virus
>>| and it did not show any infection. still the server is
>>| broadcasting something ... i can view the full utilisation
>>| of this server in router. pls tell me what should i do
>>| now ?
>>|
>>|>-----Original Message-----
>>|>Ethereal is a great product used to analyse incoming and outgoing network
>>|>traffic.
>>|>
>>|>Download it here http://www.ethereal.com/
>>|>
>>|>Do you have a Firewall installed on the network or on this machine? Also,
>>|>have you an up to date virus scanner installed?
>>|>
>>|>If you don't have a virus scanner - you should get one. In the mean time you
>>|>can perform a free scan here http://housecall.trendmicro.com/
>>|>
>>|><anonymous@discussions.microsoft.com> wrote in message
>>|>news:2ebd01c49fde$a8852270$a501280a@phx.gbl...
>>|>
>>|>>i don't know what it is uploading... but it's generating
>>|>>something out ... how could i track what and where it is
>>|>>uploading ? i have already installed latest service pack
>>|>>and security patches to windows 2000. i have also
>>|>>installed anti virus but not anti-spywares
>>|>>
>>|>>>-----Original Message-----
>>| venkatesh wrote:
>>| | Hi,
>>| | I have a windows 2000 server machine which we use as
>>| | both WEB server & FTP server. For past 2 days it has been
>>| | generating traffic. It keeps on uploading something, and
>>| | consumes all our internet bandwidth. I installed many
>>| | fixes and updates, but it's of no use. i tried using the
>>| | command $netstat -a which showed a lot of established
>>| | connections and more than 1000 ports were opened
>>| | automatically which were in "LISTENING" state. what should
>>| | i do now ? Please help me to sort this issue. please mail
>>| | to venkatesh@cgvakindia.com
>>|
>>| Uploading what to where? You mention 'fixes and updates' but does that
>>| include Anti-Virus and/or Anti-Spyware?
>>
>>Did you download Ethereal? If you use it you could see where your
>>network traffic was going and that might give you some clues as to what
>>is going on. Have you checked to make sure that there are no mystery
>>programs running on your server?
>>
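
As an added example (not part of the original thread), this Python script summarises saved `netstat -an` output of the kind described above: it lists listening TCP ports the server is not expected to offer and counts established sessions on other ports per remote host, which gives a short list to look up in TCPView. The sample output, the addresses and the expected-port set (21 for FTP, 80 for web) are constructed.

```python
import re
from collections import Counter

# Constructed sample of `netstat -an` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:10234          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:10235          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:4312      ESTABLISHED
  TCP    192.0.2.10:10234       203.0.113.5:1055       ESTABLISHED
  TCP    192.0.2.10:10234       203.0.113.5:1056       ESTABLISHED
  TCP    192.0.2.10:1841        203.0.113.9:8000       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

EXPECTED = {21, 80}  # assumption: the only services this server should offer
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def triage(netstat_text, expected_ports):
    """Return (unexpected listening ports, {remote host: session count})
    where sessions counted are those whose local port is not expected."""
    listening, peers = set(), Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines, UDP rows, blanks
        _laddr, lport, raddr, _rport, state = m.groups()
        if state == "LISTENING":
            listening.add(int(lport))
        elif state == "ESTABLISHED" and int(lport) not in expected_ports:
            peers[raddr] += 1
    unexpected = sorted(listening - set(expected_ports))
    return unexpected, dict(peers)

if __name__ == "__main__":
    ports, hosts = triage(SAMPLE, EXPECTED)
    print("Listening ports not in the expected set:", ports)
    for host, n in sorted(hosts.items(), key=lambda kv: -kv[1]):
        print(f"  {host}: {n} established session(s) on unexpected ports")
```

Legitimate traffic such as passive-mode FTP data connections will also appear in the per-host counts, so treat the result as a list to check against the owning process, not as a verdict.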