On-Premise Endpoint

Sophos Endpoint Software Possible Bot infiected a computer - Why?

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 1 subscriber
Views 1842 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible Bot infiected a computer - Why?

Rodeoboy over 13 years ago

We have a computer that appearss to be spamming out through port 25 allthough Sophos is up to date and running. Why?

Sincerely,

Ken

This thread was automatically locked due to age.

Parents

0 Infoseced over 13 years ago

DECODE PID to Network service.
At the command prompt on the offending system....
netstat –ano > netstat.txt
tasklist > tasklist.txt
notepad tasklist.txt
notepad netstat.txt
Once you find the offending process PID do
netstat -b
Which should give you the offending binary.exe's and established connections.
From here it just dependins on your companies policies for remediation / risk management.
:28611
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Infoseced over 13 years ago

DECODE PID to Network service.
At the command prompt on the offending system....
netstat –ano > netstat.txt
tasklist > tasklist.txt
notepad tasklist.txt
notepad netstat.txt
Once you find the offending process PID do
netstat -b
Which should give you the offending binary.exe's and established connections.
From here it just dependins on your companies policies for remediation / risk management.
:28611
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data