| [Question] Điều tra Máy nhiễm virus bằng manual |
14/07/2010 10:51:51 (+0700) | #1 | 215296 |
van_security
Member
![[Minus]](/hvaonline/templates/viet/images/minus.gif "[Minus]") |
0 |
![[Plus]](/hvaonline/templates/viet/images/plus.gif "[Plus]")
|
|
Joined: 08/10/2009 14:02:39
Messages: 159
Offline
|
|
Chào mọi người,
Mình có 1 máy nghi dính virus, Vì chạy rất chậm thao tác chuột cũng rất chậm.
Hiện mình dùng lệnh
netstat -na
Thì thấy nhiều session từ các IP lạ mở Port 25 như sau:
Nhờ mọi người cố vấn và phân tích dùm
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:16586 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1061 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1066 127.0.0.1:40000 ESTABLISHED
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 127.0.0.1:40000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:40000 127.0.0.1:1066 ESTABLISHED
TCP 192.168.1.186:139 0.0.0.0:0 LISTENING
TCP 192.168.1.186:1057 192.168.1.1:445 ESTABLISHED
TCP 192.168.1.186:1201 209.61.182.160:25 TIME_WAIT
TCP 192.168.1.186:1213 38.113.116.194:25 FIN_WAIT_1
TCP 192.168.1.186:1304 82.194.75.92:25 ESTABLISHED
TCP 192.168.1.186:1308 38.113.116.194:25 ESTABLISHED
TCP 192.168.1.186:1329 198.161.2.111:25 TIME_WAIT
TCP 192.168.1.186:1348 200.45.191.214:25 SYN_SENT
TCP 192.168.1.186:1349 81.169.145.100:25 SYN_SENT
TCP 192.168.1.186:1350 64.18.5.11:25 SYN_SENT
TCP 192.168.1.186:1353 66.251.20.178:25 SYN_SENT
TCP 192.168.1.186:1354 74.125.53.27:25 SYN_SENT
TCP 192.168.1.186:1355 64.18.7.14:25 SYN_SENT
TCP 192.168.1.186:1356 69.70.219.18:25 SYN_SENT
TCP 192.168.1.186:1357 213.163.71.245:25 SYN_SENT
TCP 192.168.1.186:1358 66.167.102.155:25 ESTABLISHED
TCP 192.168.1.186:1359 216.174.117.229:25 SYN_SENT
TCP 192.168.1.186:1360 208.69.85.40:25 SYN_SENT
TCP 192.168.1.186:1361 217.169.111.37:25 SYN_SENT
TCP 192.168.1.186:1362 213.186.33.29:25 SYN_SENT
TCP 192.168.1.186:1370 203.100.58.101:25 SYN_SENT
TCP 192.168.1.186:1375 24.249.225.12:25 SYN_SENT
TCP 192.168.1.186:1376 67.231.144.18:25 SYN_SENT
TCP 192.168.1.186:1377 77.75.100.210:25 SYN_SENT
TCP 192.168.1.186:1379 74.125.43.27:25 TIME_WAIT
TCP 192.168.1.186:1380 38.106.76.114:25 SYN_SENT
TCP 192.168.1.186:1381 208.87.234.190:25 SYN_SENT
TCP 192.168.1.186:1382 208.87.234.190:25 SYN_SENT
TCP 192.168.1.186:1384 203.50.40.137:25 SYN_SENT
TCP 192.168.1.186:1386 80.127.109.245:25 SYN_SENT
TCP 192.168.1.186:1387 88.79.105.162:25 SYN_SENT
TCP 192.168.1.186:1388 83.172.135.151:25 SYN_SENT
TCP 192.168.1.186:1389 208.65.144.13:25 SYN_SENT
TCP 192.168.1.186:1390 205.188.103.1:25 SYN_SENT
TCP 192.168.1.186:1391 205.188.103.1:25 SYN_SENT
TCP 192.168.1.186:1392 205.188.103.1:25 SYN_SENT
TCP 192.168.1.186:1393 205.188.103.1:25 SYN_SENT
TCP 192.168.1.186:1394 205.188.103.1:25 SYN_SENT
TCP 192.168.1.186:1395 206.132.126.2:25 SYN_SENT
TCP 192.168.1.186:1396 216.32.180.22:25 SYN_SENT
TCP 192.168.1.186:1397 61.145.121.80:25 SYN_SENT
TCP 192.168.1.186:1398 68.142.202.129:25 SYN_SENT
TCP 192.168.1.186:1399 65.115.137.5:25 TIME_WAIT
TCP 192.168.1.186:1400 209.151.133.250:25 SYN_SENT
TCP 192.168.1.186:1401 24.97.113.163:25 SYN_SENT
TCP 192.168.1.186:1402 72.26.99.189:25 SYN_SENT
TCP 192.168.1.186:1403 88.191.253.31:25 SYN_SENT
TCP 192.168.1.186:1404 95.168.205.15:25 SYN_SENT
TCP 192.168.1.186:1405 62.73.140.40:25 SYN_SENT
TCP 192.168.1.186:1406 200.6.55.16:25 SYN_SENT
TCP 192.168.1.186:1407 79.140.77.211:25 SYN_SENT
TCP 192.168.1.186:1408 190.34.213.131:25 SYN_SENT
TCP 192.168.1.186:1409 195.145.98.131:25 ESTABLISHED
TCP 192.168.1.186:1411 85.12.98.38:25 SYN_SENT
TCP 192.168.1.186:1412 207.115.11.16:25 SYN_SENT
TCP 192.168.1.186:1413 87.86.91.250:25 SYN_SENT
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1025 *:*
UDP 0.0.0.0:1027 *:*
UDP 0.0.0.0:1143 *:*
UDP 0.0.0.0:1144 *:*
UDP 0.0.0.0:1145 *:*
UDP 0.0.0.0:1146 *:*
UDP 0.0.0.0:1147 *:*
UDP 0.0.0.0:1148 *:*
UDP 0.0.0.0:1149 *:*
UDP 0.0.0.0:1150 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1028 *:*
UDP 127.0.0.1:1046 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.1.186:123 *:*
UDP 192.168.1.186:137 *:*
UDP 192.168.1.186:138 *:*
UDP 192.168.1.186:1900 *:*
|
|
|
 |
|
| [Question] Điều tra Máy nhiễm virus bằng manual |
15/07/2010 18:19:23 (+0700) | #2 | 215433 |
![[Avatar]](/hvaonline/images/avatar/72ee26e2b01d77e08c443b7a6b9816d3.png "[Avatar]")
|
H3x4
Member
|
|
0 |
|
|
Joined: 02/04/2009 00:03:16
Messages: 242
Offline
|
|
| Bạn thêm thông số -b để hiển thị chương trình nào đang hoạt động ở port đó như vậy sẽ dễ biết hơn, từ đó mới tìm ra được sự bất thường! |
|
|
| Users currently in here |
|
1 Anonymous
|
|
Powered by JForum - Extended by HVAOnline
hvaonline.net | hvaforum.net | hvazone.net | hvanews.net | vnhacker.org
1999 - 2013 ©
v2012|0504|218|
|
|
![[Rule]](/hvaonline/templates/viet/images/icon_mini_rule.gif "[Rule]"){kind=icon}
![[Home]](/hvaonline/templates/viet/images/icon_mini_groups.gif "[Home]"){kind=icon}
![[Portal]](/hvaonline/templates/viet/images/icon_mini_portal.gif "[Portal]"){kind=icon}
![[Members]](/hvaonline/templates/viet/images/icon_mini_members.gif "[Members]"){kind=icon}
![[Statistics]](/hvaonline/templates/viet/images/icon_mini_stats.gif "[Statistics]"){kind=icon}
![[Search]](/hvaonline/templates/viet/images/icon_mini_search.gif "[Search]"){kind=icon}
![[Reading Room]](/hvaonline/templates/viet/images/icon_mini_book.gif "[Reading Room]"){kind=icon}
![[Register]](/hvaonline/templates/viet/images/icon_mini_register.gif "[Register]"){kind=icon}
Register![[Login]](/hvaonline/templates/viet/images/icon_mini_login.gif "[Login]"){kind=icon}
Login [
Thảo luận virus, trojan, spyware, worm...
![[Profile]](/hvaonline/templates/viet/images/en_US/icon_profile.gif "[Profile]"){kind=icon}
![[PM]](/hvaonline/templates/viet/images/en_US/icon_pm.gif "[PM]"){kind=icon}
![[Up]](/hvaonline/templates/viet/images/en_US/icon_up.gif "[Up]"){kind=icon}
![[Print Copy]](/hvaonline/templates/viet/images/en_US/icon_print.gif "[Print Copy]"){kind=icon}
![[digg]](/hvaonline/templates/viet/images/digg.gif "[digg]")
![[delicious]](/hvaonline/templates/viet/images/delicious.gif "[delicious]")
![[google]](/hvaonline/templates/viet/images/google.gif "[google]")
![[yahoo]](/hvaonline/templates/viet/images/yahoo.gif "[yahoo]")
![[technorati]](/hvaonline/templates/viet/images/technorati.gif "[technorati]")
![[reddit]](/hvaonline/templates/viet/images/reddit.gif "[reddit]")
![[stumbleupon]](/hvaonline/templates/viet/images/stumbleupon.gif "[stumbleupon]")