
Security Forums


hacktool.dfind overloading connections on firewall

Archie_E3
Posted: Fri Dec 12, 2008 6:47 pm    Post subject: hacktool.dfind overloading connections on firewall

Hi,

We've been having a recurring problem here with a particular machine behind a firewall running a dfind.exe process which overloads the firewall by maxing out the connections (at 4096). The problem has been identified and deleted time and time again but keeps coming back, so it seems there is another process that is causing the malware to come back.

The machine is a Windows Server 2003 machine with Symantec Endpoint Protection 11 installed. SEP has only come up with identifying the virus (hacktool.dfind) once, and each time the virus comes back and our firewall goes down the process is called something else (e.g. it was called rtvscan.exe last time).

We've run SEP, Malwarebytes, Spybot, HijackThis (log file available at: http://rafb.net/p/c9pBlL96.html), Trend Micro HouseCall and RootkitRevealer to no avail.

I have trawled the web for people who've had similar problems, and can currently only find the following posts which are similar, but none of them seem to have solutions!

http://www.tek-tips.com/viewthread.cfm?qid=1229122&page=1
http://www.experts-exchange.com/Security/Vulnerabilities/Q_21857086.html
http://www.experts-exchange.com/Security/Operating_Systems_Security/Windows/Q_21775571.html


Any help would be very much appreciated! It's an important server, and an even more important firewall it's overloading, so if there is any way at all to stop this malware before having to rebuild the machine that would be brilliant!!
Godsp3ed

Posted: Mon Apr 27, 2009 7:56 am

Since you say it keeps coming back even after being fixed, disable 'System Restore'.

To disable System Restore: Start=>Control Panel=>Performance & Maintenance=>System Applet=>

1. On the System Applet, click the System Restore tab.
2. Check the Turn off System Restore box.
3. Click OK, then click Yes. This will initiate the restore point purging process.
4. To re-enable System Restore, clear the Turn off System Restore check box from the same location.

Now run a scan with MBAM (http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol) with the latest updates, and also with the Microsoft® Windows® Malicious Software Removal Tool (http://www.microsoft.com/security/malwareremove/default.mspx), since the problem seems to be a rootkit.
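Because the first post reports the process coming back under a different name each time, one way to locate it is to key on behaviour rather than file name. The following is an added example (not written by either poster) that parses `netstat -ano` output and reports PIDs holding an unusual number of TCP sessions; the sample output, function names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    10.0.0.5:3389          10.0.0.20:50112        ESTABLISHED     1204
  TCP    10.0.0.5:1045          203.0.113.1:80         SYN_SENT        1884
  TCP    10.0.0.5:1046          203.0.113.2:80         SYN_SENT        1884
  TCP    10.0.0.5:1047          203.0.113.3:80         SYN_SENT        1884
  TCP    10.0.0.5:1048          203.0.113.4:80         ESTABLISHED     1884
  UDP    0.0.0.0:123            *:*                                    948
"""

def tcp_sessions_by_pid(netstat_text):
    """Return {pid: {"conns": int, "remotes": set of remote hosts}} for TCP rows."""
    stats = defaultdict(lambda: {"conns": 0, "remotes": set()})
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns: proto, local, remote, state, pid.
        # Headers and UDP rows (no state column) fail this check and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or not fields[4].isdigit():
            continue
        _, _local, remote, state, pid = fields
        if state == "LISTENING":
            continue  # a listener is not a session through the firewall
        host = remote.rsplit(":", 1)[0]  # strip the port; also works for [v6]:port
        entry = stats[int(pid)]
        entry["conns"] += 1
        entry["remotes"].add(host)
    return dict(stats)

def suspects(netstat_text, min_conns=200, min_remotes=100):
    """PIDs whose session count and remote-host spread both reach the thresholds."""
    hits = [(pid, s["conns"], len(s["remotes"]))
            for pid, s in tcp_sessions_by_pid(netstat_text).items()
            if s["conns"] >= min_conns and len(s["remotes"]) >= min_remotes]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    # Thresholds lowered to fit the small constructed sample.
    for pid, conns, remotes in suspects(SAMPLE, min_conns=3, min_remotes=3):
        print(f"PID {pid}: {conns} TCP sessions to {remotes} distinct hosts")
```

A flagged PID can then be mapped to its current image name with `tasklist /FI "PID eq <pid>"`, whatever the executable happens to be called at the time.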
All times are GMT + 2 Hours