[Dshield] Odd dhcp Chatter Activity
ottalini at mindspring.com
Thu Apr 22 08:36:52 GMT 2004
I have a notebook comp with XP Home I use as a sacrificial goat and for testing that scans totally clean right now but has something undetectable going on, perhaps a trojan or perhaps something damaged.
I located the problem when I noticed that there was some sort of ongoing network activity when Ethernet was plugged in but it's totally quiet when the link is unplugged or disabled.
I see activity on both tdimon and regmon.
That "Explorer.EXE:144" is very odd, since the actual PID for Explorer.EXE is 1444.
Both just sit there and cycle over and over. No other XP Home or Pro system I have does this, and I have a second XP Home system set up almost identically.
The closest similar problem I could locate was this:
I'm not saying it's that backdoor but the sequence described there is very similar.
I've run virtually every spyware, virus and trojan detection program on that system and it reports clean on all.
I also have a spyware/trojan help FAQ page that I'm working on, if I've missed anything useful or have something offensive on the page I would appreciate any feedback:
Any thoughts or comments much appreciated!