Question
AcidHorse
I won't post any logs of any kind. However, I will if asked by the administrators of the forum. However, I do know my stuff and they are clean. Even with the most recent updates for Ad-aware, SpybotS&D, McAfee, Norton, I have found nothing.
Yet something buried in the services is trying to connect to a nameserver which is not the 2 that my internet service provider gave to me to put in the primary and secondary locations in the connection properties.
So basically I have a programming question.
I have found code for enumerating the services and listing the modules associated with the services; however, I am not sure if I can use that information at the moment the svchost instance tries to connect to this foreign nameserver. I am also looking at code for a TDI firewall and determining how to implement a method of detection of the process and the associated module.
I believe it most likely isn't spyware or adware but a rogue variant of a worm.
There is the possibility it has attached itself to the tail end of a DLL and set it up as an overlay, or it could be a DLL that has set up a hook API to catch any attempt to resolve any address and then use their (or the one written in the bad code) DNS nameserver.
So, with what I have to say, does anybody have any ideas?
0 answers to this question
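One way to tie a connection to an unexpected nameserver back to the svchost instance and the services it hosts, as an added example that is not part of the original post: it correlates the owning PID from `netstat -ano` with the service list from `tasklist /svc`. All addresses, PIDs and service names are constructed samples, and only TCP rows are checked because `netstat` reports no remote address for UDP sockets.

```python
import re

# Constructed sample: the two resolvers set in the connection properties.
APPROVED_DNS = {"192.0.2.1", "192.0.2.2"}

# Constructed sample of `netstat -ano` output.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      192.0.2.1:53           ESTABLISHED     1084
  TCP    192.168.1.10:1051      203.0.113.53:53        SYN_SENT        912
  TCP    192.168.1.10:1060      198.51.100.7:80        ESTABLISHED     2200
  UDP    0.0.0.0:1026           *:*                                    1084
"""

# Constructed sample of `tasklist /svc` output (long service lists wrap).
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    912 AudioSrv, BITS, Browser,
                                   Schedule, wuauserv
svchost.exe                   1084 Dnscache
iexplore.exe                  2200 N/A
"""

def parse_services(text):
    """Map PID -> (image name, [services]) from `tasklist /svc` output."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:  # first row of a process entry
            last, names = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif last is not None and line.startswith(" "):
            names = line  # wrapped continuation of the previous entry
        else:
            continue  # header, separator or blank line
        procs[last][1].extend(s.strip() for s in names.split(",")
                              if s.strip() not in ("", "N/A"))
    return procs

def foreign_dns(netstat, tasklist, approved):
    """Return (remote_ip, pid, image, services) for TCP port-53 peers not approved."""
    procs, hits = parse_services(tasklist), []
    for line in netstat.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[2].endswith(":53"):
            ip, pid = f[2].rsplit(":", 1)[0], int(f[4])
            if ip not in approved:
                hits.append((ip, pid, *procs.get(pid, ("?", []))))
    return hits
```

For a PID returned here, `tasklist /m /fi "PID eq <pid>"` lists the modules loaded in that process, which narrows the search to the DLLs behind the hosted services.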