Trojan copied to local share

stormwalkerza

Senior Member
Joined
Jun 10, 2005
Messages
521
I keep getting files posted to my open shares on my LAN

Finally found a nifty app to monitor who/how it got here

******GUEST (41.0.18.246 (Computer: ) ) CONNECTED at 1/20/2010 2:13:08 PM
-- GUEST(41.0.18.246) Opened at 1/20/2010 2:13:28 PM for:C:\Downloads\renamer\xpoxlk.exe(WRITING,0 locks)
-- GUEST(41.0.18.246) Opened at 1/20/2010 2:14:25 PM for:C:\Downloads\renamer\xpoxlk.exe(READ,0 locks)

Here's the scan info

http://www.virustotal.com/analisis/...46a2dc6517db60708c8354543fcbad27a5-1263659816

Anyone know what vulnerability it is exploiting?

Unfortunately I have to have a share open, but obv don't want inet things being downloaded all the time.

Scanned all the local PCs as I thought it was being copied from an infected machine, but now I see it's being done from the net, and want to close the hole

Storm
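
An added example (not part of the original post, and not the monitoring tool's own code): a small parser for the log format quoted above that flags share sessions and file opens coming from public, non-LAN addresses. The regular expressions are inferred from the three quoted lines only, and the fourth sample line (a LAN address) and the extension list are constructed for illustration.

```python
import ipaddress
import re

# First three lines are the log from the post; the last one is constructed.
SAMPLE_LOG = r"""******GUEST (41.0.18.246 (Computer: ) ) CONNECTED at 1/20/2010 2:13:08 PM
-- GUEST(41.0.18.246) Opened at 1/20/2010 2:13:28 PM for:C:\Downloads\renamer\xpoxlk.exe(WRITING,0 locks)
-- GUEST(41.0.18.246) Opened at 1/20/2010 2:14:25 PM for:C:\Downloads\renamer\xpoxlk.exe(READ,0 locks)
-- GUEST(192.168.1.20) Opened at 1/20/2010 3:01:02 PM for:C:\Downloads\notes.txt(WRITING,0 locks)"""

# Patterns are assumptions derived from the quoted lines, not a documented format.
CONNECT_RE = re.compile(
    r"^\*+(?P<user>\S+) \((?P<ip>[\d.]+) .*CONNECTED at (?P<when>.+)$")
OPEN_RE = re.compile(
    r"^-- (?P<user>[^(]+)\((?P<ip>[\d.]+)\) Opened at (?P<when>.+?) "
    r"for:(?P<path>.+)\((?P<mode>\w+),\d+ locks\)$")
EXEC_EXT = (".exe", ".scr", ".dll", ".bat", ".cmd", ".pif", ".com", ".vbs")

def parse(line):
    """Return a dict describing one log line, or None if it is not recognised."""
    for event, pattern in (("open", OPEN_RE), ("connect", CONNECT_RE)):
        m = pattern.match(line)
        if m:
            return {"event": event, **m.groupdict()}
    return None

def is_public(ip):
    """True for routable Internet addresses; False for LAN, loopback or junk."""
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False

def findings(log):
    """Collect every share event whose source address is outside the LAN."""
    out = []
    for line in log.splitlines():
        ev = parse(line.strip())
        if ev is None or not is_public(ev["ip"]):
            continue
        if ev["event"] == "connect":
            ev["reason"] = "share session from a public address"
        elif ev["mode"] == "WRITING" and ev["path"].lower().endswith(EXEC_EXT):
            ev["reason"] = "executable written to share from a public address"
        else:
            ev["reason"] = "share file access from a public address"
        out.append(ev)
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f["when"], f["ip"], f["reason"], f.get("path", ""))
```

Any hit from this check means the share is reachable from the Internet-facing interface, whatever the file turns out to be.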
 

HazMan

Well-Known Member
Joined
Feb 17, 2009
Messages
208
You should disable File and Printer Sharing on your Internet connection, unless you *need* your file share exposed to the Net - which I imagine you don't want ;)
 

Obelix

Senior Member
Joined
Sep 28, 2003
Messages
961
Wait a sec..... you got file and print sharing on your internet-facing connection?

congrats at joining the ever increasing list of zombies.....
 

Drake2007

Expert Member
Joined
Oct 23, 2008
Messages
4,413
Ouch, and it's from some zombie on Vodacom. Must be costing them a fortune in data.
 

stormwalkerza

Senior Member
Joined
Jun 10, 2005
Messages
521
Firewall is up

Removed the file sharing for public connections, will see how it goes ... thanks ...
 