Mailing List CGatePro@mail.stalker.com Message #97434
From: Tom Rymes <trymes@rymesheating.com>
Subject: Re: Tracking down an infected pc
Date: Thu, 5 Mar 2009 21:03:34 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.753.1)
On Mar 5, 2009, at 6:40 PM, Todd Schuldt wrote:

> Do you have a rogue PC somewhere? Maybe it's not a company machine but something someone is bringing in from home?

That was my original thought, and it actually turns out that that was it. The machine was here with permission, but when I went to look at it I was told that it was not working and had been turned off for a full day, and it was indeed sitting there with lid closed, etc. and the connections kept coming back even after router resets, etc.

Since the connections kept coming back I presumed that the story was indeed true, but I noticed a connection going out to the Windows update site today from the address in question and went downstairs to find that PC in a post-fresh-install Windows Update routine.

Hard to say if I was being lied to (likely) or just that the connections, due to their long timeout values, just kept coming back even though the PC was out of commission already (not within my understanding of networking....)

Either way, I think I managed to finally chase that one down, so we'll see. I knew that I'd wish I had sprung for managed switches at some point, but this is a reasonably small environment, so....

Thanks for all of the help,

Tom