[Dshield] Is there a legitimate service named doom?

List Tracking listrak at my-mbox.com
Thu Jun 23 18:36:10 GMT 2005


Get a copy of Sysinternals' TCPView. It will show you the threads (by
PID and .exe name) that have opened listening sockets on the box.

Good luck.

Best Regards,
Joe Moll
---
Joseph L. Moll, CISSP
jmoll at autoproxy.com
http://sysinfosec.net


> -------- Original Message --------
> Subject: [Dshield] Is there a legitimate service named doom?
> From: securityguy at dslextreme.com
> Date: Thu, June 23, 2005 1:28 pm
> To: list at lists.dshield.org
>
> Troubleshooting a Windows 2k server, a netstat showed a protocol named
> "doom" listening on port 1035.  The latest virus scans show no infection
> (Symantec, McAfee Stinger, and Trend Micro's HouseCall all report clean).
> There's been (so far as I can tell) no slowdown in service, increase in
> disk size, or anything out of the ordinary.  Is it possible that this is a
> normal service as opposed to someone running a game?  How would I track
> down what is spawning this service?
>
> - SG
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
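
As an added example that is not part of the original thread: the same socket-to-process mapping the reply gets from TCPView can be scripted by joining `netstat -ano` output with `tasklist /fo csv /nh` output. This assumes a Windows version whose netstat supports the `-o` (PID) column and that ships tasklist; the sample outputs are constructed and `example.exe` is a hypothetical image name.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1035           0.0.0.0:0              LISTENING       1472
  TCP    10.0.0.5:3389          10.0.0.9:50211         ESTABLISHED     1120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:1900           *:*                                    1300
"""

# Constructed sample of `tasklist /fo csv /nh` output; example.exe is hypothetical.
SAMPLE_TASKLIST = '''\
"System","4","Services","0","136 K"
"svchost.exe","884","Services","0","5,120 K"
"example.exe","1472","Console","0","2,048 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def listeners(netstat_text, images):
    """Return (proto, address, port, pid, image) for listening TCP and bound UDP sockets."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # TCP rows have a State column (5 fields); UDP rows do not (4 fields).
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue
        if f[0] == "UDP" and len(f) != 4:
            continue
        addr, _, port = f[1].rpartition(":")  # rpartition keeps "[::]" intact
        pid = int(f[-1])
        # A PID absent from tasklist is reported as <unknown>, not dropped.
        found.append((f[0], addr, int(port), pid, images.get(pid, "<unknown>")))
    return found

def owner_of(port, rows):
    """Return (pid, image) pairs for every socket bound to the given port."""
    return [(pid, image) for _, _, p, pid, image in rows if p == port]

if __name__ == "__main__":
    rows = listeners(SAMPLE_NETSTAT, parse_tasklist(SAMPLE_TASKLIST))
    print(owner_of(1035, rows))
```

To use it on a live host, capture the two commands' output to text and pass it in place of the constructed samples.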


