Full Version: How to address Intrusion.Win.NETAPI.buffer-overflow.exploit
Kaspersky Lab Forum > English User Forum > Protection for Small and Medium Businesses
wicked
Hi, All.

I'm using Kaspersky Anti-Virus 6.0.3 for Workstation with the latest patterns, and my Anti-Hacker detected an Intrusion.Win.NETAPI.buffer-overflow.exploit attack coming from an IP on my LAN. In the firewall logs I can also see my PC's IP address sending packets to random public IP addresses on TCP port 445 on the Internet every 21 seconds, but Kaspersky Anti-Hacker didn't detect the broadcast from my PC. I think my PC is somewhat infected with a worm and Kaspersky wasn't able to detect it. I already applied the MS08-067 patch from Microsoft, and I can still see my IP address as one of those flooding my network, causing a DoS. Has anyone had the same problem? Can anyone help address the DoS attack on my LAN, given that Kaspersky is not able to prevent such broadcasts to TCP 445? Thanks in advance.
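A defender-side check for the behaviour described above (a LAN host opening TCP/445 to a different public address roughly every 21 seconds), as an added example that is not part of the original thread or of any Kaspersky tool. It assumes a simple constructed firewall log format of `date time src dst proto dport`; the sample lines and host addresses are made up, and the LAN ranges are RFC 1918 plus loopback and link-local.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample log ("date time src dst proto dport"), not from the original post.
# Host 192.168.1.23 shows the described pattern: TCP/445 to a new public IP every ~21 s.
SAMPLE_LOG = """\
2008-12-16 19:00:00 192.168.1.23 203.0.113.5 TCP 445
2008-12-16 19:00:21 192.168.1.23 198.51.100.77 TCP 445
2008-12-16 19:00:42 192.168.1.23 203.0.113.140 TCP 445
2008-12-16 19:01:03 192.168.1.23 198.51.100.9 TCP 445
2008-12-16 19:00:05 192.168.1.10 192.168.1.2 TCP 445
2008-12-16 19:00:30 192.168.1.10 192.168.1.2 TCP 445
2008-12-16 19:00:10 192.168.1.40 203.0.113.8 TCP 80
"""
# RFC 1918, loopback and link-local ranges: SMB to these is ordinary LAN traffic.
LAN_NETS = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d+)$")

def parse(log_text):
    """Yield (timestamp, src, dst, proto, dport) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, proto, dport = m.groups()
            yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), src, dst, proto, int(dport)

def find_scanners(log_text, min_targets=3, max_jitter=2.0):
    """Return {src: (distinct public targets, median gap in seconds)} for hosts that
    open TCP/445 to several distinct Internet addresses at a near-constant interval."""
    events = defaultdict(list)
    for ts, src, dst, proto, dport in parse(log_text):
        if proto != "TCP" or dport != 445:
            continue
        if not any(ip_address(dst) in n for n in LAN_NETS):  # skip LAN-internal SMB
            events[src].append((ts, dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        targets = {dst for _, dst in hits}
        if len(targets) < min_targets or len(hits) < 2:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        median = statistics.median(gaps)
        if all(abs(g - median) <= max_jitter for g in gaps):
            flagged[src] = (len(targets), median)
    return flagged
```

Hosts returned by `find_scanners` are candidates for isolation and an offline scan; ordinary SMB to internal file servers and one-off connections are not reported.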
manawa
Hello,

I have that issue too. Any ideas?
sma_sma
QUOTE(wicked @ 16.12.2008 19:24) *
Hi, All.

I'm using Kaspersky Anti-Virus 6.0.3 for Workstation with the latest patterns, and my Anti-Hacker detected an Intrusion.Win.NETAPI.buffer-overflow.exploit attack coming from an IP on my LAN. In the firewall logs I can also see my PC's IP address sending packets to random public IP addresses on TCP port 445 on the Internet every 21 seconds, but Kaspersky Anti-Hacker didn't detect the broadcast from my PC. I think my PC is somewhat infected with a worm and Kaspersky wasn't able to detect it. I already applied the MS08-067 patch from Microsoft, and I can still see my IP address as one of those flooding my network, causing a DoS. Has anyone had the same problem? Can anyone help address the DoS attack on my LAN, given that Kaspersky is not able to prevent such broadcasts to TCP 445? Thanks in advance.


Hello,

Can you please follow the guidance below:
http://forum.kaspersky.com/index.php?showtopic=95206

Please post your feedback to us...

Thanks.
wicked
QUOTE(sma_sma @ 17.12.2008 14:54) *
Hello,

Can you please follow the guidance below:
http://forum.kaspersky.com/index.php?showtopic=95206

Please post your feedback to us...

Thanks.


I already applied/installed Windows update KB958644 (MS08-067). Please read my post. Kaspersky was not able to detect that my PC was also attacking or broadcasting to TCP 445 on other random IP addresses. Any more ideas?
manawa
Dear all,

I have tried to install that Windows patch but it won't work. This is getting spread in the network.
I think we need a good solution for this.
wicked
QUOTE(manawa @ 17.12.2008 17:22) *
Dear all,

I have tried to install that Windows patch but it won't work. This is getting spread in the network.
I think we need a good solution for this.


I'm not sure if this is a good idea, but for the network of our client (80% of PCs are broadcasting), here's what we've done so far, and the broadcasting/flooding seems to stop on that PC.

Run sysclean with lpt707 (pattern files) above, and Kaspersky active threat disinfection will automatically run and detect the malware net-worm.win32.kido.gen, which is located in system32. It seems that running sysclean activated the virus or something, which Kaspersky real-time protection detected and deleted. So far network activity is now returning to normal (unlike before: no Internet and no LAN).

@kaspersky lab,

Please include the removal of this malware in your latest klwk utility tool, because, as we all know, we don't like the idea of using sysclean and don't recommend it.
manawa
QUOTE(wicked @ 18.12.2008 08:24) *
I'm not sure if this is a good idea, but for the network of our client (80% of PCs are broadcasting), here's what we've done so far, and the broadcasting/flooding seems to stop on that PC.

Run sysclean with lpt707 (pattern files) above, and Kaspersky active threat disinfection will automatically run and detect the malware net-worm.win32.kido.gen, which is located in system32. It seems that running sysclean activated the virus or something, which Kaspersky real-time protection detected and deleted. So far network activity is now returning to normal (unlike before: no Internet and no LAN).

@kaspersky lab,

Please include the removal of this malware in your latest klwk utility tool, because, as we all know, we don't like the idea of using sysclean and don't recommend it.



Dear wicked,

What is the infected file in system32?
wicked
QUOTE(manawa @ 18.12.2008 11:22) *
Dear wicked,

What is the infected file in system32?


*.dll is the infected file in system32.
manawa
QUOTE(wicked @ 18.12.2008 13:21) *
*.dll is the infected file in system32.



What is the name of the DLL file? There are lots of DLLs in system32, I guess.