Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and the Yahoo Answers website is now in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

something is calling isc.org from inside my computers on network....?

For few days I've been surprised by a huge amount of connection request from within my network to one of ISC address on port 80.

The address is 204.152.184.139

All requests are block by my firewall.

I've been searching through the net to find some more info regarding this issue.

I'm suspecting something nasty is going on, since there is no alert from our antivirus system ( trendmicro officescan )

I tried to use well-known antimalwares and antispywares programs on a sample computer but found nothing suspicious.

netstat -anb shows :

TCP 172.16.3.232:4021 204.152.184.139:80 SYN_SENT 1444

c:\windows\system32\WS2_32.dll

C:\WINDOWS\system32\WININET.dll

-- unknown component(s) --

[svchost.exe]

Any idea what I'm dealing with??

Update:

procexp found advapi......wtf

googling around for some solutions now

Update 2:

whoops....i think it's the valid advapi.dll needed by windows....seeking culprit continued...

Update 3:

this connection initiated by svchost which are carrying some essential services such as windows audio, dmserver, browser, windows firewall, etc.

i tried to track down within registry entries but failed to find suspicious target.

1 Answer

Relevance
  • brad
    Lv 4
    1 decade ago
    Favorite Answer

    ws2_32.dll is what you seek....

    chances are its only the child process on your PC , its highly likely there will be a rootkit elsewhere.

    it might as well be called babyfartmcgezeacs.dll and svchost is running the dll as system.

    try process explorer from win internals, then use unhackme 30 day free fully functioning trial.

    kill it off. and test again.

Still have questions? Get your answers by asking now.