5 Replies Latest reply on May 11, 2010 9:27 PM by Beann

    Suspicious traffic attacked by Generic Rootkit.ej (Trojan)

      Hi all,

       

      Recently I have had 2 PCs infected with suspicious network traffic attacked by Generic Rootkit.ej (Trojan). However, a virus scan was performed on the 2 PCs with DAT5902 definitions and no malware was detected. Please refer to the attached OnDemandScanLog.txt file.

       

      We noticed traffic from the sources to the destination IPs as listed below:

      srcip:10.162.11.22 srcport:13504 dstip:96.9.183.149 dstport:80 protocol:6

       

      Based on the description from the McAfee Threats Resource site, the IP 96.9.183.149 was connected by making the following DNS queries for MailServers:

       

      1. MX aol.com
      2. MX slashdot.org
      3. MX mozilla.org
      4. MX google.com

       

      [Trojan Information]

      http://vil.mcafeesecurity.com/vil/content/v_258600.htm

       

      I would appreciate it if anyone could help me understand and advise on the circumstances I experienced.

       

      Thank you.