資安

是否中毒了 - 資安

David avatarDavid · 2008-12-20

Table of Contents


最近發現自己在學校的PC 莫名被開了port 並上傳封包


TCP 0.0.0.0:55877 220.132.59.28:22067 SYN_SENT
TCP 0.0.0.0:55878 140.112.44.107:26458 SYN_SENT
TCP 0.0.0.0:55879 218.173.129.107:40509 SYN_SENT
TCP 0.0.0.0:55880 59.112.172.115:60591 SYN_SENT
TCP 0.0.0.0:55881 61.62.56.189:33900 SYN_SENT
TCP 0.0.0.0:55882 203.64.38.175:34741 SYN_SENT
TCP 0.0.0.0:55883 218.174.131.37:7308 SYN_SENT
TCP 0.0.0.0:55888 220.132.59.28:https SYN_SENT
TCP 0.0.0.0:55889 140.112.44.107:https SYN_SENT
TCP 0.0.0.0:55890 218.173.129.107:https SYN_SENT
TCP 0.0.0.0:55891 59.112.172.115:https SYN_SENT
TCP 0.0.0.0:55892 61.62.56.189:https SYN_SENT
TCP 0.0.0.0:55893 203.64.38.175:https SYN_SENT
TCP 0.0.0.0:55894 218.174.131.37:https SYN_SENT

請教一下這是否為木馬 還是病毒? 周三也是同樣的問題 當天就重新安裝系統

沒想到今天又出現了.. 平常只有開pcman, skype, msn, kuro


不過在家裡的電腦 同樣有類似的port
TCP home:2955 61.220.57.48:19105 TIME_WAIT
TCP home:2956 61.220.57.113:5000 TIME_WAIT
TCP home:2957 61.220.57.48:19105 TIME_WAIT
TCP home:2958 61.220.57.48:19105 TIME_WAIT
TCP home:2959 61.220.57.48:19105 TIME_WAIT

謝謝~

--
資安

All Comments

Rae avatarRae2008-12-20
看看自己的執行緒有沒有不正常的程式,
Joe avatarJoe2008-12-22
還有要更新windows安全性更新到最新,
Andrew avatarAndrew2008-12-25
完全沒更新狀態,光是插上去很多電腦的區網就會中標了