Monday, October 18, 2010

UDP Port 8881 Virus - A BitDefender 2011 problem

UPDATE: This is a BitDefender 2011 problem - Disable P2P file sharing in the BitDefender 'updates' section to fix it. It is shocking and appalling that BitDefender would open a hole in the firewall and allow almost anyone access to your computer!

I am still fighting the UDP Port 8881 virus that appears to come from visiting a Twitter account. So far I can tell that IPCop logs about 6000 blocked UDP port requests inbound to the infected computer every day. The infected computer, according to Wireshark, just goes out to random web pages and downloads pictures. That appears to then trigger the port 8881 responses back towards the infected computer. Reformatting the hard drive does NOT get rid of the virus. I assume that the virus comes back when you copy back 'my documents', but I am not even sure of that. However, NO ANTIVIRUS program can detect this virus after a week of fighting it.
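A way to quantify the blocked traffic described above, as an added example that is not part of the original post: it tallies blocked inbound UDP packets to port 8881 per day and destination, along with the number of distinct sources. It assumes the firewall log uses the standard netfilter LOG line format; the sample lines, host name and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation addresses), assumed netfilter LOG
# format as written to the kernel log by an iptables-based firewall.
SAMPLE_LOG = """\
Oct 18 09:14:02 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.7 DST=203.0.113.10 LEN=58 TTL=52 ID=0 DF PROTO=UDP SPT=40112 DPT=8881 LEN=38
Oct 18 09:14:05 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.7 DST=203.0.113.10 LEN=58 TTL=52 ID=0 DF PROTO=UDP SPT=40112 DPT=8881 LEN=38
Oct 18 09:14:09 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=192.0.2.44 DST=203.0.113.10 LEN=58 TTL=49 ID=0 DF PROTO=UDP SPT=8881 DPT=8881 LEN=38
Oct 18 09:15:00 ipcop dhcpd: DHCPACK on 192.168.1.20 to 00:aa:bb:cc:dd:ee via eth0
Oct 18 09:16:30 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=192.0.2.44 DST=203.0.113.10 LEN=60 TTL=49 ID=7 DF PROTO=TCP SPT=51000 DPT=8881 WINDOW=5840 SYN
Oct 18 09:17:11 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=192.0.2.99 DST=203.0.113.10 LEN=70 TTL=50 ID=0 PROTO=UDP SPT=53 DPT=53 LEN=50
Oct 19 00:02:41 ipcop kernel: INPUT IN=eth1 OUT= MAC=00:11:22:33:44:55 SRC=198.51.100.200 DST=203.0.113.10 LEN=58 TTL=47 ID=0 DF PROTO=UDP SPT=6881 DPT=8881 LEN=38
"""

LINE = re.compile(r"(\w{3}\s+\d+) [\d:]+ \S+ kernel: (.*)")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one firewall log line, or None."""
    m = LINE.match(line)
    if not m:
        return None  # not a kernel/netfilter line
    fields = {}
    for key, value in FIELD.findall(m.group(2)):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    fields["DAY"] = " ".join(m.group(1).split())
    return fields

def summarize(log_text, port=8881):
    """Map (day, destination) -> (packet count, distinct source count)."""
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("PROTO") != "UDP" or f.get("DPT") != str(port):
            continue
        if "SRC" not in f or "DST" not in f:
            continue  # malformed or truncated line
        entry = stats[(f["DAY"], f["DST"])]
        entry["packets"] += 1
        entry["sources"].add(f["SRC"])
    return {k: (v["packets"], len(v["sources"])) for k, v in stats.items()}

if __name__ == "__main__":
    for (day, dst), (packets, sources) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{day}  dst={dst}  udp/8881 packets={packets}  distinct sources={sources}")
```

Comparing the packet count with the distinct source count per day shows whether the blocked traffic comes from a handful of hosts or from many unrelated peers.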

Here are some Wireshark screen pictures. First is the incoming traffic to the infected computer. This one is kind of funny. It says "go away we're not home".


Here is a typical IPCop screen showing the connections opened by the virus:
