Topic: Trojan Help (ringzero)

[Mark R]

Hi All,

i have SME installed on my network running Gateway/Server mode, is there any add-on which allows me to see live data on which ports etc are being used by which terminal?

reason for this is that i have done a security scan from the sygate site and its telling me i have a ringzero trojan???

Is there an easy way to find out which terminal is infected?

thanks in advance

Mark R

[Souley]

More info about it :
http://www.sophos.com/virusinfo/analyses/trojrhino.html
http://securityresponse.symantec.com/avcenter/venc/data/ringzero.trojan.html#technicaldetails

Not really sure that you have this trojan on your network

Have you some MS boxes ?

Best regards
Souley

[Mark R]

Thanks for your reply..

I do have some MS boxes(I know I know, i should know better)


Cheers
Mark

[Souley]

Is your gateway acting like a proxy ?
In this case i don't think you're infected
Look at the symantec fix method & look after your ms boxes      

Cheers
Souley

[Mark R]

Thanks Souley..

Do you know of any addon that shows you which terminal is using which ports etc?

thanks again
mark

[Souley]

Hi
You can try

Code: [Select]

netstat -a
 
regards
Souley