[Dshield] Is there a legitimate service named doom?
listrak at my-mbox.com
Thu Jun 23 18:36:10 GMT 2005
get a copy of sysinternals' tcpview .. it will show you the threads (by
PID and .exe name) that have opened listening sockets on the box.
Joseph L. Moll, CISSP
jmoll at autoproxy.com
> -------- Original Message --------
> Subject: [Dshield] Is there a legitimate service named doom?
> From: securityguy at dslextreme.com
> Date: Thu, June 23, 2005 1:28 pm
> To: list at lists.dshield.org
> Troubleshooting a windows 2k server, a netstat showed a protocol named
> "doom" listening on port 1035. The latest virus scans show no infection
> (symantec, mcafee stinger, and trendmicro's housecall) all report clean.
> There's been (so far as I can tell) no slow down in service, increase in
> disk size, or anything out of the ordinary. It possible that this is a
> normal service as opposed to someone running a game? How would I track
> down what is spawning this service?
> - SG
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
More information about the list