Posted (edited)

What kind of virus is this? According to the client, Kaspersky doesn't detect it; it floods DNS queries to bogus hosts, and there is constant activity on port 139.

[11/May/2009 10:20:44] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:20:45] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:20:46] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:20:48] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:20:52] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:21:07] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:08] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:09] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:11] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:15] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:29] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:30] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:31] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:33] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:37] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:51] {proto_dns} DNS: query 10.241.1.10:2391 -> 10.241.1.30:53 for cggyup.cn
[11/May/2009 10:21:52] {proto_dns} DNS: query 10.241.1.10:2391 -> 10.241.1.30:53 for cggyup.cn
[11/May/2009 10:21:53] {proto_dns} DNS: query 10.241.1.10:2391 -> 10.241.1.30:53 for cggyup.cn
[11/May/2009 10:21:55] {proto_dns} DNS: query 10.241.1.10:2391 -> 10.241.1.30:53 for cggyup.cn
[11/May/2009 10:21:59] {proto_dns} DNS: query 10.241.1.10:2391 -> 10.241.1.30:53 for cggyup.cn
[11/May/2009 10:22:13] {proto_dns} DNS: query 10.241.1.10:2392 -> 10.241.1.30:53 for rbfbwqrovj.org
[11/May/2009 10:22:14] {proto_dns} DNS: query 10.241.1.10:2392 -> 10.241.1.30:53 for rbfbwqrovj.org
[11/May/2009 10:22:15] {proto_dns} DNS: query 10.241.1.10:2392 -> 10.241.1.30:53 for rbfbwqrovj.org
[11/May/2009 10:22:17] {proto_dns} DNS: query 10.241.1.10:2392 -> 10.241.1.30:53 for rbfbwqrovj.org
[11/May/2009 10:22:21] {proto_dns} DNS: query 10.241.1.10:2392 -> 10.241.1.30:53 for rbfbwqrovj.org
[11/May/2009 10:22:36] {proto_dns} DNS: query 10.241.1.10:2393 -> 10.241.1.30:53 for frjtctvq.net
[11/May/2009 10:22:37] {proto_dns} DNS: query 10.241.1.10:2393 -> 10.241.1.30:53 for frjtctvq.net
[11/May/2009 10:22:38] {proto_dns} DNS: query 10.241.1.10:2393 -> 10.241.1.30:53 for frjtctvq.net
[11/May/2009 10:22:40] {proto_dns} DNS: query 10.241.1.10:2393 -> 10.241.1.30:53 for frjtctvq.net
[11/May/2009 10:22:44] {proto_dns} DNS: query 10.241.1.10:2393 -> 10.241.1.30:53 for frjtctvq.net
[11/May/2009 10:22:58] {proto_dns} DNS: query 10.241.1.10:2394 -> 10.241.1.30:53 for vpgbdnzctw.com
[11/May/2009 10:22:59] {proto_dns} DNS: query 10.241.1.10:2394 -> 10.241.1.30:53 for vpgbdnzctw.com
[11/May/2009 10:23:00] {proto_dns} DNS: query 10.241.1.10:2394 -> 10.241.1.30:53 for vpgbdnzctw.com
[11/May/2009 10:23:02] {proto_dns} DNS: query 10.241.1.10:2394 -> 10.241.1.30:53 for vpgbdnzctw.com
[11/May/2009 10:23:06] {proto_dns} DNS: query 10.241.1.10:2394 -> 10.241.1.30:53 for vpgbdnzctw.com
[11/May/2009 10:23:20] {proto_dns} DNS: query 10.241.1.10:2395 -> 10.241.1.30:53 for qldddbkqo.com
[11/May/2009 10:23:21] {proto_dns} DNS: query 10.241.1.10:2395 -> 10.241.1.30:53 for qldddbkqo.com
[11/May/2009 10:23:22] {proto_dns} DNS: query 10.241.1.10:2395 -> 10.241.1.30:53 for qldddbkqo.com
[11/May/2009 10:23:24] {proto_dns} DNS: query 10.241.1.10:2395 -> 10.241.1.30:53 for qldddbkqo.com
[11/May/2009 10:23:28] {proto_dns} DNS: query 10.241.1.10:2395 -> 10.241.1.30:53 for qldddbkqo.com
[11/May/2009 10:23:42] {proto_dns} DNS: query 10.241.1.10:2396 -> 10.241.1.30:53 for aomwsxtwqs.ws
[11/May/2009 10:23:43] {proto_dns} DNS: query 10.241.1.10:2396 -> 10.241.1.30:53 for aomwsxtwqs.ws
[11/May/2009 10:23:44] {proto_dns} DNS: query 10.241.1.10:2396 -> 10.241.1.30:53 for aomwsxtwqs.ws
[11/May/2009 10:23:46] {proto_dns} DNS: query 10.241.1.10:2396 -> 10.241.1.30:53 for aomwsxtwqs.ws
[11/May/2009 10:23:50] {proto_dns} DNS: query 10.241.1.10:2396 -> 10.241.1.30:53 for aomwsxtwqs.ws
[11/May/2009 10:24:05] {proto_dns} DNS: query 10.241.1.10:2397 -> 10.241.1.30:53 for irkuzmste.org
[11/May/2009 10:24:06] {proto_dns} DNS: query 10.241.1.10:2397 -> 10.241.1.30:53 for irkuzmste.org
[11/May/2009 10:24:07] {proto_dns} DNS: query 10.241.1.10:2397 -> 10.241.1.30:53 for irkuzmste.org
[11/May/2009 10:24:09] {proto_dns} DNS: query 10.241.1.10:2397 -> 10.241.1.30:53 for irkuzmste.org
[11/May/2009 10:24:13] {proto_dns} DNS: query 10.241.1.10:2397 -> 10.241.1.30:53 for irkuzmste.org
[11/May/2009 10:24:27] {proto_dns} DNS: query 10.241.1.10:2398 -> 10.241.1.30:53 for vqytotijba.com
[11/May/2009 10:24:28] {proto_dns} DNS: query 10.241.1.10:2398 -> 10.241.1.30:53 for vqytotijba.com
[11/May/2009 10:24:29] {proto_dns} DNS: query 10.241.1.10:2398 -> 10.241.1.30:53 for vqytotijba.com
[11/May/2009 10:24:31] {proto_dns} DNS: query 10.241.1.10:2398 -> 10.241.1.30:53 for vqytotijba.com
[11/May/2009 10:24:35] {proto_dns} DNS: query 10.241.1.10:2398 -> 10.241.1.30:53 for vqytotijba.com
[11/May/2009 10:24:49] {proto_dns} DNS: query 10.241.1.10:2399 -> 10.241.1.30:53 for kobnpmk.cn
[11/May/2009 10:24:50] {proto_dns} DNS: query 10.241.1.10:2399 -> 10.241.1.30:53 for kobnpmk.cn
[11/May/2009 10:24:51] {proto_dns} DNS: query 10.241.1.10:2399 -> 10.241.1.30:53 for kobnpmk.cn
[11/May/2009 10:24:53] {proto_dns} DNS: query 10.241.1.10:2399 -> 10.241.1.30:53 for kobnpmk.cn
[11/May/2009 10:24:57] {proto_dns} DNS: query 10.241.1.10:2399 -> 10.241.1.30:53 for kobnpmk.cn
[11/May/2009 10:25:11] {proto_dns} DNS: query 10.241.1.10:2400 -> 10.241.1.30:53 for huaur.ws
[11/May/2009 10:25:12] {proto_dns} DNS: query 10.241.1.10:2400 -> 10.241.1.30:53 for huaur.ws
[11/May/2009 10:25:13] {proto_dns} DNS: query 10.241.1.10:2400 -> 10.241.1.30:53 for huaur.ws
[11/May/2009 10:25:15] {proto_dns} DNS: query 10.241.1.10:2400 -> 10.241.1.30:53 for huaur.ws
[11/May/2009 10:25:19] {proto_dns} DNS: query 10.241.1.10:2400 -> 10.241.1.30:53 for huaur.ws
[11/May/2009 10:25:34] {proto_dns} DNS: query 10.241.1.10:2401 -> 10.241.1.30:53 for avoqrovf.biz
[11/May/2009 10:25:35] {proto_dns} DNS: query 10.241.1.10:2401 -> 10.241.1.30:53 for avoqrovf.biz
[11/May/2009 10:25:36] {proto_dns} DNS: query 10.241.1.10:2401 -> 10.241.1.30:53 for avoqrovf.biz
[11/May/2009 10:25:38] {proto_dns} DNS: query 10.241.1.10:2401 -> 10.241.1.30:53 for avoqrovf.biz
[11/May/2009 10:25:42] {proto_dns} DNS: query 10.241.1.10:2401 -> 10.241.1.30:53 for avoqrovf.biz
[11/May/2009 10:25:56] {proto_dns} DNS: query 10.241.1.10:2402 -> 10.241.1.30:53 for vnqyh.ws
[11/May/2009 10:25:57] {proto_dns} DNS: query 10.241.1.10:2402 -> 10.241.1.30:53 for vnqyh.ws
[11/May/2009 10:25:58] {proto_dns} DNS: query 10.241.1.10:2402 -> 10.241.1.30:53 for vnqyh.ws
[11/May/2009 10:26:00] {proto_dns} DNS: query 10.241.1.10:2402 -> 10.241.1.30:53 for vnqyh.ws
[11/May/2009 10:26:04] {proto_dns} DNS: query 10.241.1.10:2402 -> 10.241.1.30:53 for vnqyh.ws
[11/May/2009 10:26:18] {proto_dns} DNS: query 10.241.1.10:2403 -> 10.241.1.30:53 for pxwhcxttxu.org
[11/May/2009 10:26:19] {proto_dns} DNS: query 10.241.1.10:2403 -> 10.241.1.30:53 for pxwhcxttxu.org
[11/May/2009 10:26:20] {proto_dns} DNS: query 10.241.1.10:2403 -> 10.241.1.30:53 for pxwhcxttxu.org
[11/May/2009 10:26:22] {proto_dns} DNS: query 10.241.1.10:2403 -> 10.241.1.30:53 for pxwhcxttxu.org
[11/May/2009 10:26:26] {proto_dns} DNS: query 10.241.1.10:2403 -> 10.241.1.30:53 for pxwhcxttxu.org

Edited by evgen_ln
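A triage sketch for a log in this format, added here as an example and not part of the original post: it collapses queries repeated from the same source port into one lookup, then reports clients that resent several distinct names, with the TLDs involved and the spacing between lookups. Treating same-port repeats as retransmissions of an unanswered query, the thresholds `min_names` and `min_sends`, and the two lines for client 10.241.1.11 are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: six lines copied from the log in the post, plus two
# made-up lines for a normally behaving client (10.241.1.11).
SAMPLE = """\
[11/May/2009 10:20:44] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:20:45] {proto_dns} DNS: query 10.241.1.10:2388 -> 10.241.1.30:53 for vmwoyacchk.net
[11/May/2009 10:21:07] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:08] {proto_dns} DNS: query 10.241.1.10:2389 -> 10.241.1.30:53 for ixnyhjvhbya.com
[11/May/2009 10:21:29] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:30] {proto_dns} DNS: query 10.241.1.10:2390 -> 10.241.1.30:53 for vjvtqjyu.org
[11/May/2009 10:21:40] {proto_dns} DNS: query 10.241.1.11:3001 -> 10.241.1.30:53 for www.example.com
[11/May/2009 10:22:10] {proto_dns} DNS: query 10.241.1.11:3002 -> 10.241.1.30:53 for mail.example.com
"""

LINE = re.compile(r"\[(.+?)\] \{proto_dns\} DNS: query ([\d.]+):(\d+) -> [\d.]+:53 for (\S+)")

def lookups(log):
    """Collapse retransmissions: one entry per (client, source port, name)."""
    seen = defaultdict(list)
    for ts, client, port, name in LINE.findall(log):
        stamp = datetime.strptime(ts, "%d/%b/%Y %H:%M:%S")
        seen[(client, port, name.lower())].append(stamp)
    return seen

def triage(log, min_names=3, min_sends=2):
    """Per client: names sent at least min_sends times, their TLDs, gaps between lookups."""
    first_seen = defaultdict(dict)
    for (client, _port, name), stamps in lookups(log).items():
        if len(stamps) >= min_sends:  # resent from the same port (assumed: no answer came back)
            first_seen[client][name] = min(stamps)
    report = {}
    for client, names in first_seen.items():
        if len(names) < min_names:  # too few resent names to stand out
            continue
        order = sorted(names.values())
        report[client] = {
            "names": sorted(names),
            "tlds": sorted({n.rsplit(".", 1)[-1] for n in names}),
            "gaps_s": [int((b - a).total_seconds()) for a, b in zip(order, order[1:])],
        }
    return report

if __name__ == "__main__":
    for client, info in triage(SAMPLE).items():
        print(client, info)
```
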
