WHAT is netbios-ssn & netbios-dgm

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jones23, Jun 18, 2006.

  1. jones23

    jones23 Private E-2

    A few commands I have never seen before have appeared while doing a netstat in cmd

    ever since I have seen this

    I have problems with my Firefox browser

    I cannot use the delete private data option in Tools>delete private in the Firefox browser

    also an "isakmp"

    a lot more high-rated hits in ZoneAlarm have been happening

    maybe it's just a portscanner
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. jones23

    jones23 Private E-2

    I am now following the Read & Run Me procedure

    first I will run HijackThis now

    and run it again after I have finished following the procedure

    :)
     
  4. jones23

    jones23 Private E-2

    I have run the readme

    I attached HijackThis logs from before and after the procedure

    and have labelled them

    now I am waiting for Bitdefender and Panda to finish

    will post next

    if my Internet Explorer browser is hijacked, why would I do a Panda scan there or a Bitdefender scan from there???
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Because the logs from those 2 scans will show me things that HijackThis doesn't and isn't designed to find.

    Your HijackThis log appears to be from Safe Mode; it shows that both AntiVir PersonalEdition and Zone Alarm are installed but not running. I need a log from Normal Mode.
     
  6. jones23

    jones23 Private E-2

    OK, here I have a HijackThis log in normal mode

    and a Bitdefender log in normal mode

    it found 1 spyware, virus

    I am now removing FlashGet; supposedly it's detected as a virus

    I couldn't upload the Bitdefender log, I'll try in the next post

    the log exceeds your limit
     


  7. jones23

    jones23 Private E-2

    I still cannot upload

    this is the most recent scan of Bitdefender

    as it appears
    FILE:

    "<system>=>HKEY_CLASSES_ROOT\CLSID\{A5366673-E8CA-11D3-9CD9-0090271DO75B"

    STATUS:

    Detected: FlashGet

    and then it was deleted

    that's the only one Bitdefender can find

    I will run another NETSTAT TO SEE IF IT IS GONE
     
  8. jones23

    jones23 Private E-2

    THIS IS MY NETSTAT, I left my computer name blank

    XP SP1

    C:\Documents and Settings\ME!!!>netstat -a

    Active Connections

    MY computer NAME GOES before all the BLANK ~> :

    Proto Local Address Foreign Address State
    TCP :1025 :0 LISTENING
    TCP :3008 :0 LISTENING
    TCP :3009 :0 LISTENING
    TCP :3018 :0 LISTENING
    TCP :3026 :0 LISTENING
    TCP :3065 :0 LISTENING
    TCP :3069 :0 LISTENING
    TCP :3071 :0 LISTENING
    TCP :18350 :0 LISTENING
    TCP :netbios-ssn :0 LISTENING
    TCP :3065 a-61-9-209-159.deploy.akamaitechnologies.com:http ESTABLISHED
    TCP :3068 a.tribalfusion.com:http TIME_WAIT
    TCP :3069 216.239.57.104:http ESTABLISHED
    TCP :3071 geek.esselbach.com:http ESTABLISHED
    TCP :3072 a-61-9-209-158.deploy.akamaitechnologies.com:http TIME_WAIT
    TCP :3073 a-61-9-209-158.deploy.akamaitechnologies.com:http TIME_WAIT
    TCP :netbios-ssn :0 LISTENING
    TCP :3001 :0 LISTENING
    TCP :3002 :0 LISTENING
    TCP :3003 :0 LISTENING
    TCP :3005 :0 LISTENING
    TCP :3005 localhost:3009 ESTABLISHED
    TCP :3006 :0 LISTENING
    TCP :3006 localhost:3008 ESTABLISHED
    TCP :3008 localhost:3006 ESTABLISHED
    TCP :3009 localhost:3005 ESTABLISHED
    TCP :3018 localhost:18350 ESTABLISHED
    TCP :3025 localhost:3026 ESTABLISHED
    TCP :3026 localhost:3025 ESTABLISHED
    TCP :10025 :0 LISTENING
    TCP :10110 :0 LISTENING
    TCP :18350 localhost:3018 ESTABLISHED
    UDP :isakmp *:*
    UDP :3004 *:*
    UDP :3029 *:*
    UDP :ntp *:*
    UDP :netbios-ns *:*
    UDP :netbios-dgm *:*
    UDP :ntp *:*
    UDP :netbios-ns *:*
    UDP :netbios-dgm *:*
    UDP :ntp *:*
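
A `netstat -a` listing like the one in the post above can be read mechanically. The following is an added example, not part of the original thread: it resolves the service names netstat prints (`netbios-ssn`, `netbios-dgm`, `isakmp` and so on) to their IANA port numbers and separates open listeners, loopback pairs and connections to remote hosts. The sample rows are constructed in the same shape as the posted output, and the function names are hypothetical.

```python
# Service names as netstat prints them, with their IANA-assigned ports.
SERVICES = {
    "netbios-ns": (137, "NetBIOS name service"),
    "netbios-dgm": (138, "NetBIOS datagram service"),
    "netbios-ssn": (139, "NetBIOS session service"),
    "isakmp": (500, "IKE/IPsec key exchange"),
    "ntp": (123, "Network Time Protocol"),
    "http": (80, "HTTP"),
}

# Constructed sample in the shape of `netstat -a` output with the host name blanked.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP :1025 :0 LISTENING
TCP :netbios-ssn :0 LISTENING
TCP :3005 localhost:3009 ESTABLISHED
TCP :3009 localhost:3005 ESTABLISHED
TCP :3069 192.0.2.10:http ESTABLISHED
UDP :isakmp *:*
UDP :netbios-dgm *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' at the last colon; return (host, port number or None, note)."""
    host, _, port = endpoint.rpartition(":")
    if port.isdigit():
        return host, int(port), ""
    number, note = SERVICES.get(port, (None, "unknown service name"))
    return host, number, note

def classify(text):
    """Group netstat rows into listeners, loopback pairs and remote connections."""
    groups = {"listening": [], "loopback": [], "remote": []}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header line or a wrapped continuation line
        proto, local, foreign = fields[0], fields[1], fields[2]
        state = fields[3] if len(fields) > 3 else ""
        _, local_port, note = split_endpoint(local)
        remote_host, remote_port, _ = split_endpoint(foreign)
        if proto == "UDP" or state == "LISTENING":
            # UDP has no state column; a bound UDP port is an open endpoint.
            groups["listening"].append((proto, local_port, note))
        elif remote_host in ("localhost", "127.0.0.1"):
            groups["loopback"].append((proto, local_port, remote_port))
        else:
            groups["remote"].append((proto, local_port, remote_host, remote_port))
    return groups
```
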
     
  9. jones23

    jones23 Private E-2

    Also MY FIREFOX

    Tools>Clear Private Data function is still unavailable

    how can I fix this
     
  10. jones23

    jones23 Private E-2

    Does this mean I am not infected

    and can continue

    or something else someone is not telling me

    :confused:
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    No, it does not mean you are not infected; in fact you are infected. I did not ask you to install BitDefender, the instructions in our Read Me First are very clear on what must be done and what tools are to be used in what order and what modes. Both of your HijackThis logs clearly show that you have not followed our standard cleaning procedures.

    The instructions are there so that I am not wasting your time with several posts asking you to run various tools, before I give you specific cleaning instructions. They are also there to keep posters from wasting our time.

    I will not give you any further assistance until you have completed our cleaning procedures without skipping a step, using the tools we specify, and you have posted the logs that are required.

    Follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
