Sounds like a rootkit maybe, try rootkitreveal. Also try scanning the drives externally from a clean system.
--SJ SJ.Stanaitis - Network Administrator Decorative Product Source, Inc -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Monday, January 28, 2008 3:00 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] OT: Virus pb Hi all i have an infected w2k server sending traffic to random IP local port is 1044 and remote port 161 (snmp) All the AV i tried found nothing Is there an easy way to find what application/process is generating this traffic ? (tried fport, didnt help) Anyone has an idea about what this application/virus might be ? TIA and Regards --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.