OT: Worms and other nasties



Just found a nasty on my stepson's computer while I was in Merseyside
over the weekend....

I noticed that his internet connection was permanently sending and
receiving information of some sort, and we couldn't stop it for love nor

A quick check using Netstat showed literally hundreds of attempted
connections, one after the other to random IP addresses....

"Hello," thinks I, "This isn't quite right."

So I checked Zone Alarm to find something called "Syshost.exe" lurking
in the programs list....When I disabled it, it also crippled the ability
of any browsers to connect to websites....

A quick Google turned up some very worrying information about this
syshost file....How it transfers from machine to machine, and what it's
ultimately used for (DDoS attacks)....

Removing it proved to be a bit of a bastard, as I couldn't find the
registry entries that kept re-starting it on every re-boot, but I got
there in the end....

Then when I was a bit bored later on that evening, I tried to explain to
my stepson how to remove it again, in case he ever got it on his system
again....I could see the blank expression on his face, so I started
tinkering about with batch files, and came up with my very first ever
virus removal tool....

I know it's not much, but for a brief moment, I was dead proud of myself....

for photographic restorations

Re: OT: Worms and other nasties

Fat Sam wrote:

ahh, newbies :)

Actually someone/something got past all of our firewalls last week and a
dialer installed on our main graphics machine. Once an hour it would try
to dial the internet (premium rate). Thankfully no modem attached (we have
a LAN). Quick scan through the registry and found the offending program,
but NO clue how it got there!


x theSpaceGirl (miranda)

# lead designer @ http://www.dhnewmedia.com #
# remove NO SPAM to email, or use form on website #

Re: OT: Worms and other nasties


I'm sure it had something to do with IE or OE in a Windows environment. Am
I correct?

