作者williamsydu (william)
看板NetSecurity
标题[问题] 是否中毒了
时间Sat Dec 20 18:35:43 2008
最近发现自己在学校的PC 莫名被开了port 并上传封包
TCP 0.0.0.0:55877 220.132.59.28:22067 SYN_SENT
TCP 0.0.0.0:55878 140.112.44.107:26458 SYN_SENT
TCP 0.0.0.0:55879 218.173.129.107:40509 SYN_SENT
TCP 0.0.0.0:55880 59.112.172.115:60591 SYN_SENT
TCP 0.0.0.0:55881 61.62.56.189:33900 SYN_SENT
TCP 0.0.0.0:55882 203.64.38.175:34741 SYN_SENT
TCP 0.0.0.0:55883 218.174.131.37:7308 SYN_SENT
TCP 0.0.0.0:55888 220.132.59.28:https SYN_SENT
TCP 0.0.0.0:55889 140.112.44.107:https SYN_SENT
TCP 0.0.0.0:55890 218.173.129.107:https SYN_SENT
TCP 0.0.0.0:55891 59.112.172.115:https SYN_SENT
TCP 0.0.0.0:55892 61.62.56.189:https SYN_SENT
TCP 0.0.0.0:55893 203.64.38.175:https SYN_SENT
TCP 0.0.0.0:55894 218.174.131.37:https SYN_SENT
请教一下这是否为木马 还是病毒? 周三也是同样的问题 当天就重新安装系统
没想到今天又出现了.. 平常只有开pcman, skype, msn, kuro
不过在家里的电脑 同样有类似的port
TCP home:2955 61.220.57.48:19105 TIME_WAIT
TCP home:2956 61.220.57.113:5000 TIME_WAIT
TCP home:2957 61.220.57.48:19105 TIME_WAIT
TCP home:2958 61.220.57.48:19105 TIME_WAIT
TCP home:2959 61.220.57.48:19105 TIME_WAIT
谢谢~
--
※ 发信站: 批踢踢实业坊(ptt.cc)
◆ From: 125.231.131.247
1F:→ dennisxkimo:看看自己的执行绪有没有不正常的程式, 03/12 22:35
2F:→ dennisxkimo:还有要更新windows安全性更新到最新, 03/12 22:36
3F:→ dennisxkimo:完全没更新状态,光是插上去很多电脑的区网就会中标了 03/12 22:37