A quick booted-from-DVD-cuz-the-O/S-has-a-virus “Howdy” to y’all!
Got bad juju on my office PC. TCPView has HUNDREDS of entries similar to these:
[System Process]:0 TCP (MyComputer):3037 sinatra.amat.com:domain TIME_WAIT
[System Process]:0 TCP (MyComputer):3040 (NetworkServer):domain TIME_WAIT
[System Process]:0 TCP (MyComputer):3043 (NetworkServer):domain TIME_WAIT
[System Process]:0 TCP (MyComputer):3046 (NetworkServer):domain TIME_WAIT
[System Process]:0 TCP (MyComputer):3049 (NetworkServer):domain TIME_WAIT
[System Process]:0 TCP (MyComputer):3052 (NetworkServer):domain TIME_WAIT
Ports being used are between 1025 and 5000; usually skipping by 2s or 3s. When the spawning process gets to 5000, it begins over again at 1025.
Lather. Rinse. Repeat.
It LOOKS like a “rootkit” virus, but, if so, it’s so new that McAfee didn’t catch it, and their online “stinger” tool detected nothing amiss amongst the 1,077,383 files on my hard drive.
GOOD NEWS is I get a NEW machine in a few days. BAD NEWS is I’m supposed to be hard at work on a mission-critical project; not debugging my machine. Tech support was at my desk, yesterday, and did an hour’s worth of nosing around, but all that they offered was to migrate my data to a new profile; a “solution” with something like 50/50 odds of actually curing the problem. You’d think they’d have offered to re-image my system and migrate my profile to that fresh image, but they didn’t.
So, unless I change my mind and let them go through the likely-useless exercise of making me a new profile, I’m stuck doing this myself until my new machine is ready.
Hope all of you are having more fun than this!
Yup! Except for the fact that I have to keep a second machine in my office ONLY because I can't upload PowerPoints to NetMeeting (LiveMeeting?) from my primary machine, my laptop, and giant corporate IT just can't figure out why.