
Virus or Backdoor?


Original Message
Name: saxofun
Date: February 23, 2004 at 11:44:21 Pacific
Subject: Virus or Backdoor?
OS: Windows 2000 Pro
CPU/Ram: Intel 256 Mg
Comment:

Hi,

Since I installed Kerio Personal Firewall 4.0, I have denied UDP on port 53, both inbound and outbound.

Then, while surfing the net, I frequently receive Kerio's alerts (often in blocks of 8) telling me that Services and Controller App (c:\winnt\system32\services.exe) has been blocked in outbound on various ports (1039, 1799, 1807, 1892, 1926, 1905) but always at the same IP address 207.236.176.28:domain !!!

I even receive those alerts while opening a Windows session!!!!

If it is just a backdoor, it's ok, I am blocking it.
But if it is a virus, I could eradicate it by erasing the files and/or keys that run this process. But which virus would it be?

My AntivirusKitPro12 doesn't detect any virus, but as it is a trial version, I am not sure it is fully reliable and I don't want to change it yet, as I am testing it...

What do you think of it? Could it be a virus? If so, which one?
Thanks for your help!



Response Number 1
Name: Tank863
Date: February 23, 2004 at 18:22:11 Pacific
Subject: Virus or Backdoor?
Reply:

The IP Address comes back to:

OrgName: Bell Canada
OrgID: LINX
Address:
City: Toronto
StateProv: ON
PostalCode: K1G-3J4
Country: CA

NetRange: 207.236.0.0 - 207.236.255.255
CIDR: 207.236.0.0/16
NetName: BELLGLOBAL-2
NetHandle: NET-207-236-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.BELLGLOBAL.COM
NameServer: NS2.BELLGLOBAL.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1996-10-28
Updated: 2000-05-26

TechHandle: PD135-ARIN
TechName: Daoust, Philippe
TechPhone: +1-800-450-7771


OrgTechHandle: SYSAD1-ARIN
OrgTechName: Sys Admin
OrgTechPhone: +1-613-785-0886


# ARIN WHOIS database, last updated 2004-02-22 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

Is that your ISP? Is that your IP address?
You can check your own IP address by clicking Check your IP

What is services.exe?

Services - services.exe - Process Information

Process File: services or services.exe
Process Name: Windows Service Controller
Description: Application that is used only in Windows NT 4, 2000, and XP for starting, stopping, and interacting with system services.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

It is a needed service according to MS..

Tank863
What the heck is: