[Dshield] Is there a legitimate service named doom?
BKWalker at drbsystems.com
Thu Jun 23 18:17:57 GMT 2005
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of
> securityguy at dslextreme.com
> Sent: Thursday, June 23, 2005 1:29 PM
> To: list at lists.dshield.org
> Subject: [Dshield] Is there a legitimate service named doom?
> Troubleshooting a Windows 2k server, a netstat showed a
> protocol named "doom" listening on port 1035. The latest
> virus scans show no infection (Symantec, McAfee Stinger, and
> Trend Micro's HouseCall) all report clean.
> There's been (so far as I can tell) no slow down in service,
> increase in disk size, or anything out of the ordinary. Is it
> possible that this is a normal service as opposed to someone
> running a game? How would I track down what is spawning this service?
Start with netstat -o which will give you the PID of the process that
opened the service, find that in your task manager and then hunt down
the executable. That'll probably tell you a lot right there.