A
Anonymous
about the strange worm ...
Hello,
This is also an announcement about a new type of worm(???) I've just detected. I'm running an ADSL internet connection over a DSL router where my computers are connected to. I've wondered that my bandwidth is enormously exploited by something and my connection is fucking slow. After some days I just was not able anymore to connect to internet over the router, but just from one computer! That means that all other connections were still alive! I saw that on the (infected) machine there was a constant upstream of about 3-4 kbps although there were no sending processes ( i thought )! In the Security Log of my Firewall I've detected some entries like "26.04.2004 01:52:34 **SYN Flood** 192.168.2.101, 3940->> 192.168.224.44, 135 (von PPPOE - Ausgang)" but always with different source ports ( lookls like a kind of scan ) and even with some variations of different local IPs and Ports! Anyway, I examined the running processes on my machine and found a strange one called taskmanagr.exe ( NOTE: the real Taskmanager process is called TASKMGR.EXE )
I've killed the process and my connection reestablished without any problem and with full bandwidth!
Aftr a global query on my harddisks the only file called taskmanagr.exe (and some concatenations) i've found was situated at windows/prefetch ! A scan in my registry addicted to a link in HKEY_CURRENT_USER/Software/Microsoft/Search Assistant/ACMru/5603/ with a key taskmanagr.exe ! After a google on the HKEY... string i've found this forum and topic, with similar content. Therefore i've posted message, perhaps it could be helpful to someone !
Greetings
VLAD
Hello,
This is also an announcement about a new type of worm(???) I've just detected. I'm running an ADSL internet connection over a DSL router where my computers are connected to. I've wondered that my bandwidth is enormously exploited by something and my connection is fucking slow. After some days I just was not able anymore to connect to internet over the router, but just from one computer! That means that all other connections were still alive! I saw that on the (infected) machine there was a constant upstream of about 3-4 kbps although there were no sending processes ( i thought )! In the Security Log of my Firewall I've detected some entries like "26.04.2004 01:52:34 **SYN Flood** 192.168.2.101, 3940->> 192.168.224.44, 135 (von PPPOE - Ausgang)" but always with different source ports ( lookls like a kind of scan ) and even with some variations of different local IPs and Ports! Anyway, I examined the running processes on my machine and found a strange one called taskmanagr.exe ( NOTE: the real Taskmanager process is called TASKMGR.EXE )
I've killed the process and my connection reestablished without any problem and with full bandwidth!
Aftr a global query on my harddisks the only file called taskmanagr.exe (and some concatenations) i've found was situated at windows/prefetch ! A scan in my registry addicted to a link in HKEY_CURRENT_USER/Software/Microsoft/Search Assistant/ACMru/5603/ with a key taskmanagr.exe ! After a google on the HKEY... string i've found this forum and topic, with similar content. Therefore i've posted message, perhaps it could be helpful to someone !
Greetings
VLAD
