PC trying to connect to a huge list of IP addresses. Aye Chihuahua!

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
This occured on Win XP Professional.

Network Connections pops up a prompt literally about every 5 seconds
saying "You [or a program] have requested information from
---.---.---.---.  Which connection to you want to use?"

Each time the prompt appears, it is attempting to connect to a
different IP address (I haven't seen the same one twice).  Of course,
I clicked cancel to each prompt.  I started recording a list of the IP
addresses shown, but I got bored after a few more than 100.

I'll make the wild assumption that this computer has been compromised.
 I've found something called TEEKIDS.EXE running on the system and it
looks (from a Google search) like this is some sort of worm.

Now, this is happening on my parent's computer, and they don't use it
for much more than Solitaire and downloading photos of my niece from a
digi-cam, so I'm not too worried.  But I would like to make this a
learning experience so that I can know what to do in the future.
Nonetheless, please pray for me that nobody does anything malicious
with photos of my niece or my parent's Solitaire scores!

From this I have two questions:

(1) Can anyone tell me what is happening on this computer?  Is this
list of IP addresses pointing to other infected machines?  Or is it
trying randomly to find other machines to infect?

(2) Is there anything -helpful- that I can do with the list of IP
addresses that I've written down?  If they are infected machines, for
example, is there any way to alert those machine owners?

I think I'm going to just wipe their machine clean and re-install the
OS from scratch, so you don't (necessarily) have to try to help me
with that kind of advice.  Maybe I can even convince them that
Solitaire can be played on Linux too. ;)


Re: PC trying to connect to a huge list of IP addresses. Aye Chihuahua!

"PinYinYang" wrote...
Quoted text here. Click to load it

Quoted text here. Click to load it

It's the Blaster worm. You need to download the MS03-039 patch from
microsoft.com and apply it. Remove the worm first (instructions
available from most anti-virus vendor sites).

This worm can exploit any unpatched NT based system just by connecting
the machine to the internet.

Re: PC trying to connect to a huge list of IP addresses. Aye Chihuahua!

On 2 May 2004 09:59:20 -0700, pinyinyang@yahoo.com (PinYinYang) wrote:

Quoted text here. Click to load it

Yes, it's trying to infect othre computers.

Quoted text here. Click to load it

Not really.

Definitely nuke the machine.  Depending on the OS you finally decide
on, make sure it's got antivirus configured to automatically update,
all the OS patches are installed, and that the firewall is setup.


Site Timeline