瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 电脑中毒,局域广播包,有日志,高手请进!

1   1  /  1  页   跳转

[求助] 电脑中毒,局域广播包,有日志,高手请进!

收藏
miclefang888
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-10-05
  • 来自:
发表于: 2009-02-02 15:22 | 只看楼主 短消息 资料
字号: 1楼

电脑中毒,局域广播包,有日志,高手请进!

近几天电脑中毒,发现局域网中的某些电脑(我的网段是:192.168.3.X)向192.168.X.X:445(X为随机变动的)发送数据包,现在这个对方的445端口会变动,现在变为6或17端口,

这是我的路由器的一些日志:


WAN Type: PPP over Ethernet (V1.43)
Display time: Thursday March 19, 2009 11:40:40
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.193: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:53 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:58 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:58 Blocked access attempt from 192.168.3.193: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:26:59 Blocked access attempt from 192.168.3.204: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:01 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:01 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:07 Blocked access attempt from 192.168.3.15: to 192.168.2.214:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:25 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:28 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:29 Blocked access attempt from 210.128.238.74:51829 to TCP port 443
Thursday March 19, 2009 11:27:30 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:32 Blocked access attempt from 210.128.238.74:51829 to TCP port 443
Thursday March 19, 2009 11:27:33 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:33 Blocked access attempt from 192.168.3.56: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:34 Blocked access attempt from 192.168.3.167: to 204.11.104.250:6 rule=0 (by firewall)
Thursday March 19, 2009 11:27:35 Blocked access attempt from 192.168.3.153: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:38 Blocked access attempt from 192.168.3.153: to 192.168.2.238:6 rule=1 (by firewall)
Thursday March 19, 2009 11:27:38 Blocked access attempt from 192.168.3.153: to 192.168.2.238:6 rule=1 (by firewall)



此为我路由器拦截的日志



附件为扫的日志,高手指点!

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)

附件附件:

文件名:SREngLOG.rar
下载次数:199
文件类型:application/octet-stream
文件大小:
上传时间:2009-2-2 15:22:25
描述:rar
分享到:
gototop
 
backway
头像
卡卡反病毒小组
  • 帖子:2473
  • 注册: 2008-11-20
  • 来自:
发表于: 2009-02-02 16:07 | 短消息 资料
字号: 2楼

回复:电脑中毒,局域广播包,有日志,高手请进!

那个日志是哪个电脑上的?
日志正常的
gototop
 
文物2
头像
横据古稀狮
  • 帖子:9389
  • 注册: 2004-04-07
  • 来自:
发表于: 2009-02-02 17:01 | 短消息 资料
字号: 3楼

回复:电脑中毒,局域广播包,有日志,高手请进!

什么路由器?

对个人来讲,统计,仪器,高速的计算机可以让人们得到大量充裕的时间。
这个社会中,更不可缺的是具备现代化的管理经验。
gototop
 
miclefang888
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-10-05
  • 来自:
发表于: 2009-02-02 17:10 | 只看楼主 短消息 资料
字号: 4楼

回复: 电脑中毒,局域广播包,有日志,高手请进!



引用:
原帖由 backway 于 2009-2-2 16:07:00 发表
那个日志是哪个电脑上的?
日志正常的



中毒电脑上的,

我看也好像正常,但它有向192.168.X.X发送6端口及445端口的数据包!
最后编辑miclefang888 最后编辑于 2009-02-02 17:11:09
gototop
 
夲號ヱ被ジ盜
头像
叱咤花甲狮
  • 帖子:7083
  • 注册: 2008-08-21
  • 来自:昆仑琼华派
论坛8周年活动礼物就爱不长大论坛9周年纪念冰激凌10温馨圣诞十周年国庆61周年十一周年勋章
发表于: 2009-02-02 17:11 | 短消息 资料
字号: 5楼

回复:电脑中毒,局域广播包,有日志,高手请进!

下个ARP防火墙试试
http://cd001.www.duba.net/duba/install/2008/ever/KAntiarp.exe
gototop
 
miclefang888
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-10-05
  • 来自:
发表于: 2009-02-02 17:11 | 只看楼主 短消息 资料
字号: 6楼

回复: 电脑中毒,局域广播包,有日志,高手请进!



引用:
原帖由 文物2 于 2009-2-2 17:01:00 发表
什么路由器?



D-LINK
gototop
 
miclefang888
头像
初生襁褓狮
  • 帖子:27
  • 注册: 2007-10-05
  • 来自:
发表于: 2009-02-03 08:51 | 只看楼主 短消息 资料
字号: 7楼

回复:电脑中毒,局域广播包,有日志,高手请进!

有没有人能帮忙呀!
gototop
 
天月来了
头像
版主
  • 帖子:76904
  • 注册: 2007-02-06
  • 来自:
发表于: 2009-02-03 08:53 | 短消息 资料
字号: 8楼

回复:电脑中毒,局域广播包,有日志,高手请进!

估计没多少人懂

你得看防火墙里终止什么程序访问网络,就不再出现那个

就去看对应的程序是什么
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT