My anti virus program detected an intruder with the IP address as 66.90.164.137. It is Win.MSSQL.worm.Helkern. It has tried a few times to intrude when I go to Yahoo Answers in Computers and Internet Category. What will happen if it succeed in intrusion?
2006-11-24 03:14:50 · 6 answers · asked by Chris 5 in Computers & Internet ➔ Security
This particular Virus go to the machine usually with SQL server.
Communicates usually on UDP port number 1434.
Block incoming UDP 1434 at your firewall (it is advisable to turn off logging on that port at the same time)
It seems you are using Kaspersky's security program. If it tells you on which port it is communicating then block and avoid using that particular port.
Also update your windows. If I find any other thing will let you know.
I am giving you the address of that IP you gave:
OrgName: Grande Communications Networks, Inc.
OrgID: GCNI
Address: 401 Carlson Cir
City: San Marcos
StateProv: TX
PostalCode: 78666
Country: US
NetRange: 66.90.128.0 - 66.90.255.255
CIDR: 66.90.128.0/17
NetName: GRANDECOM-01
NetHandle: NET-66-90-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LSN.NET
NameServer: NS2.LSN.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-03-29
Updated: 2003-06-20
OrgAbuseHandle: ABUSE153-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-512-878-4000
OrgAbuseEmail: abuse@grandecom.com
OrgTechHandle: IPSER2-ARIN
OrgTechName: IP Services
OrgTechPhone: +1-512-878-4000
OrgTechEmail: ipservices@grandecom.com
# ARIN WHOIS database, last updated 2006-11-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
2006-11-24 03:52:38 · answer #1 · answered by sushil 2 · 0⤊ 0⤋
It's not an intruder as much as it's in infected computer.
OrgName: Grande Communications Networks, Inc.
OrgID: GCNI
Address: 401 Carlson Cir
City: San Marcos
StateProv: TX
PostalCode: 78666
Country: US
Assuming that you are firewalled, just ignore it and move on. Turn off the notifications, they're worthless.
2006-11-24 05:05:46 · answer #2 · answered by Bostonian In MO 7 · 0⤊ 0⤋
Click on Conrol Panel and select Internet Options. Select Windows Security Center, then internet options, select restricted sites and add the site by typing in the IP address.
2006-11-24 03:27:34 · answer #3 · answered by fuck off 5 · 0⤊ 0⤋
Try the link below. It found the city in less than a second. The page has other links to search for more detail
2006-11-24 03:39:12 · answer #4 · answered by Mad Jack 7 · 0⤊ 0⤋
Look here to see who owns the IP block
http://ws.arin.net/cgi-bin/whois.pl
To me it looks like an ISP.....
For more information on the worm see
http://www.viruslist.com/en/news?id=59188
Unless you are running MSSQL 2000 you should not have to worry as this is the software it is trying to exploit. Also as long as your Anti-Virus picks it up all is well...
2006-11-24 03:19:41 · answer #5 · answered by Brian L 3 · 0⤊ 0⤋
Do you have McAfee? It will trace where your intruder came from.
2006-11-24 03:18:27 · answer #6 · answered by noonee333 4 · 0⤊ 0⤋