[Dshield] Is there a legitimate service named doom?
mshirilla at micim.com
Thu Jun 23 18:23:53 GMT 2005
I do not think -o is supported in w2k server. You might have to download TCPview from Sysinternals.
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Brenden Walker
Sent: Thursday, June 23, 2005 2:18 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Is there a legitimate service named doom?
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of
> securityguy at dslextreme.com
> Sent: Thursday, June 23, 2005 1:29 PM
> To: list at lists.dshield.org
> Subject: [Dshield] Is there a legitimate service named doom?
> Troubleshooting a Windows 2k server, a netstat showed a
> protocol named "doom" listening on port 1035. The latest
> virus scans show no infection (Symantec, McAfee Stinger, and
> Trend Micro's HouseCall) all report clean.
> There's been (so far as I can tell) no slow down in service,
> increase in disk size, or anything out of the ordinary. Is it
> possible that this is a normal service as opposed to someone
> running a game? How would I track down what is spawning this service?
Start with netstat -o which will give you the PID of the process that
opened the service, find that in your task manager and then hunt down
the executable. That'll probably tell you a lot right there.
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
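
Added example (not part of the original thread): the port-to-PID-to-executable lookup discussed above, done by parsing saved "netstat -ano" and "tasklist /FO CSV /NH" output. It assumes a Windows version where both commands are available; the sample output, PIDs and image names below are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING       1476
  TCP    10.0.0.5:1035          10.0.0.9:3021          ESTABLISHED     1476
  UDP    0.0.0.0:1035           *:*                                    620
"""

# Constructed sample of `tasklist /FO CSV /NH` output; image names are placeholders.
TASKLIST_CSV = '''\
"svchost.exe","884","Console","0","3,120 K"
"example-a.exe","1476","Console","0","5,432 K"
"example-b.exe","620","Console","0","2,048 K"
'''

def listeners_on_port(netstat_text, port):
    """Return sorted (proto, local_address, pid) tuples bound to `port`."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, header or blank line
        # rpartition also copes with IPv6 locals such as [::]:1035
        if f[1].rpartition(":")[2] != str(port):
            continue
        # UDP rows have no State column; TCP rows count only when LISTENING.
        if f[0] == "UDP" or f[3] == "LISTENING":
            found.add((f[0], f[1], int(f[-1])))
    return sorted(found)

def image_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def owners(netstat_text, tasklist_csv, port):
    """Join listeners on `port` with the image name that owns each PID."""
    names = image_names(tasklist_csv)
    return [(proto, addr, pid, names.get(pid, "<not in tasklist>"))
            for proto, addr, pid in listeners_on_port(netstat_text, port)]

if __name__ == "__main__":
    for row in owners(NETSTAT_ANO, TASKLIST_CSV, 1035):
        print("%s %s pid=%d image=%s" % row)
```

A PID that holds a listener but does not appear in the process list is reported as "<not in tasklist>", which is itself worth following up.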