5 Replies Latest reply on May 11, 2010 9:27 PM by Beann

    Suspicious traffic attacked by Generic Rootkit.ej (Trojan)

      Hi all,


      Recently I have 2 PCs infected with suspicious network traffic attacked by Generic Rootkit.ej (Trojan). However, the 2 PCs have performed virus scan with DAT5902 definitions and there were found no malware detected. Please refer to the attached OnDemandScanLog.txt file.


      We noticed that the traffic from the sources to the destination IPs as listed below:



      Based on the describtion from McAfee Threats Resource site, the IP was connected by making the following DNS queries for MailServers:


      1. MX aol.com
      2. MX slashdot.org
      3. MX mozilla.org
      4. MX google.com


      [Trojan Information]



      Will appreciate if anyone can help understand and advise the circumstances I experienced.


      Thank you.