So I've got this problem. I've got it hemmed in for now, but I want to fix it. My main firewall was zonked by a thunderstorm and, while I was waiting for its replacement, I had to use a cheaper one. After the unit was replaced I noticed several machines constantly contacting this IP address: 208.99.195.69 on port 135 (messenger/RPC). That IP has no DNS entries that I can find.
After a while the machines that had contacted it started sending packets all over the place even when nobody was on the computer - ouch!
Well, I've got the stuff hemmed in by adding tons of rules to shut down internet access for the "infected" computers, but I can't find out what the source is. Spybot doesn't find any spyware and Sophos doesn't find any viruses or trojans.
Assuming this is unrecognized malware, how do I track it down and kill it? I can sniff packets if I open my ports again, but that's not something I'm keen on.
Is there a good forum for these types of puzzles?
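The poster already has the one hard indicator that matters here: the destination 208.99.195.69 on TCP/135, plus the later fan-out to many destinations from idle machines. The script below is an added example, not something from the original post, showing how to turn a firewall's outbound log into a per-host triage list without reopening the firewall for packet sniffing. The log lines are constructed in netfilter/iptables LOG format (the `FWOUT:` prefix, the sample hosts, and the fan-out threshold of three distinct destinations are assumptions for the illustration); a host is flagged if it ever touched the indicator, or if it sprays connections at several unrelated destinations on the same port.

```python
import re
from collections import defaultdict

# Indicator taken from the post: the address and port the infected hosts keep contacting.
IOC_IP = "208.99.195.69"
IOC_PORT = 135

# Constructed sample log lines in netfilter/iptables LOG format (not real traffic).
# The "FWOUT:" prefix and the hosts/addresses are assumptions for this example.
SAMPLE_LOG = """\
Jun 12 02:13:01 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=208.99.195.69 PROTO=TCP SPT=1034 DPT=135 SYN
Jun 12 02:13:04 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=208.99.195.69 PROTO=TCP SPT=1035 DPT=135 SYN
Jun 12 02:14:10 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 PROTO=TCP SPT=1040 DPT=135 SYN
Jun 12 02:14:11 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.8 PROTO=TCP SPT=1041 DPT=135 SYN
Jun 12 02:14:12 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.77 PROTO=TCP SPT=1042 DPT=445 SYN
Jun 12 02:14:13 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 PROTO=ICMP TYPE=8 CODE=0
Jun 12 09:05:00 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=208.99.195.69 PROTO=TCP SPT=2200 DPT=135 SYN
Jun 12 09:30:00 fw kernel: FWOUT: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=93.184.216.34 PROTO=TCP SPT=3300 DPT=80 SYN
"""

# Matches the SRC/DST/PROTO/DPT fields of a netfilter LOG line; ICMP lines carry no DPT and are skipped.
_LINE_RE = re.compile(
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s+PROTO=(?P<proto>\S+).*?\bDPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return {'src','dst','proto','dpt'} for a TCP/UDP log line, or None if it does not parse."""
    m = _LINE_RE.search(line)
    if not m:
        return None
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        "dpt": int(m.group("dpt")),
    }


def triage(log_text, ioc_ip=IOC_IP, ioc_port=IOC_PORT, fanout_threshold=3):
    """Aggregate outbound connection attempts per internal source host.

    A host is marked 'suspect' if it contacted the indicator at all, or if it
    reached at least `fanout_threshold` distinct destinations on the indicator
    port (the 'sending packets all over the place' behaviour from the post).
    """
    ioc_hits = defaultdict(int)
    dsts = defaultdict(set)            # every destination seen per source
    dsts_on_port = defaultdict(set)    # destinations reached on the indicator port

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src = rec["src"]
        dsts[src].add(rec["dst"])
        if rec["dpt"] == ioc_port:
            dsts_on_port[src].add(rec["dst"])
            if rec["dst"] == ioc_ip:
                ioc_hits[src] += 1

    report = {}
    for src in dsts:
        fanout = len(dsts_on_port[src])
        report[src] = {
            "ioc_hits": ioc_hits[src],
            "distinct_dsts": len(dsts[src]),
            "port_fanout": fanout,
            "suspect": ioc_hits[src] > 0 or fanout >= fanout_threshold,
        }
    return report


def suspect_hosts(report):
    """Sorted list of source addresses the triage marked as suspect."""
    return sorted(src for src, info in report.items() if info["suspect"])


def quarantine_rules(report):
    """iptables FORWARD drop rules for each suspect host, one string per host.

    This is the 'hem it in' step; the rule format is standard iptables syntax,
    the chain placement is an assumption about the poster's firewall.
    """
    return [f"iptables -I FORWARD -s {src} -j DROP" for src in suspect_hosts(report)]


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for src, info in sorted(rep.items()):
        print(src, info)
    print("\n".join(quarantine_rules(rep)))
```

Run it against the real firewall log instead of `SAMPLE_LOG` and the suspect list is the set of machines to pull off the network and image; the hosts with `ioc_hits` but no fan-out are the ones still in the "beaconing" stage, which is where a memory dump or a process-to-socket listing on the machine itself (rather than a signature scan) is most likely to show what owns the connection.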