Compatible Support Forums
videobruce

Massive data upload when dialup adapter is running


After a few minutes without a browser running, using DU Meter as an in/out monitor, I'm getting a massive (for an analog connection) upload of unknown data to an unknown destination by an unknown process.

I have:

Done a virus scan (though not with up-to-date definitions)

Used AdAware V6 and SpyBot V1.2

Checked processes running

I am running 2k w/SP3. The laptop was upgraded with Idiot Exploiter 6 from M$'s site (this isn't my laptop BTW).

Before, the dialer was starting by itself; now it seems OK, but not sure yet.

The laptop freezes where only a reboot solves the condition (no browser running the last time).

The IE update was the last upgrade/change AFAIK.

It is almost as if this machine was doing a DoS attack to another site by uploading massive amounts of data somewhere.


It sounds a lot like the Opaserv virus. Check to see if there are any of these files: ALEVIR.EXE, BRASIL.EXE, BRASIL.PIF, SCRSVR.EXE or MARCO!.SCR on the hard drive. There is also another Trojan called Q-Hosts. See if the hosts file occurs more than once.


All came up negative.

Tried to install Zone Alarm, but I get a KMODE exception when I try to run it. I guess there are problems with display drivers, and this is a laptop with no updated driver. I even turned the acceleration down all the way and I still get a BSOD.


To make a short story long, it appears to be a worm:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.A

Problem is I can't install that M$ patch because the install I did is a slipstreamed SP3 burned CD, and on top of that I also do a 'LittleWhiteDog NTOSKRNL mod' using Resource Hacker to change that damn M$ splash screen.

I get an error when I try to install that patch stating I need something newer than SP2. I already have SP3 installed.

Not to stop there, since I didn't know what was doing this and thought it was the dialup adapter, I connected the laptop to my network so I could d/l an updated virus package from TrendMicro (which I did). After running the updated virus definitions, that NACHI.A worm showed up.

I had my main box on also and that got affected also!

NACHI.A just did my machine.

I did a manual remove on both machines and it seems to be gone. Too early to tell yet. I don't know where he got it from.

Quote:


{snip}

I did a manual remove on both machines and it seems to be gone. Too early to tell yet. I don't know where he got it from.


Is there any P2P app installed on the machine, or some extra .SCR files, say from a newsgroup?!?

As for the slipstream install CD, you can update it to SP4 the same way: just create a new slipstreamed CD with SP4 instead, then add the hack back afterwards, unless of course the hack doesn't work with SP4 :(
