   Mischel Internet Security Forum
Topic: LiveUpdate and mstask (Read 1378 times)

allenfr (Newbie, Posts: 5)
LiveUpdate and mstask
« on: Jun 10th, 2006, 10:18am »

I have a scheduled task to run LiveUpdate each morning at 5:00 AM ET (USA).  I have noticed in my hardware firewall logs that an IP address of 221.208.208.97 (seems to be located in China) starts trying to contact my system on a daily basis, starting at night (which would be their daytime), and eventually my system responds out port 137, which I think I've traced to mstask (an active process in my Windows 2000 Pro PC) using TCPVIEW (from SysInternals.com).
 
Does LiveUpdate use this site/IP address for any purpose?  I have TrojanHunter active in the system tray and have scanned my system with both it and with SpyBot Search & Destroy, but neither has found anything in memory.

siliconman01 (Global Moderator, Posts: 5668)
Re: LiveUpdate and mstask
« Reply #1 on: Jun 10th, 2006, 2:08pm »

As near as I can tell, the UK server for Mischel is 217.112.92.24 and for the USA is 207.44.154.77.
 
The 221.208.208.97 address that is trying to hack into your system is:
 
% [whois.apnic.net node-2]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
 
inetnum: 221.208.0.0 - 221.212.255.255
netname: CNCGROUP-HL
descr:   CNCGROUP Heilongjiang Province Network
descr:   China Network Communications Group Corporation
descr:   No.156,Fu-Xing-Men-Nei Street,
descr:   Beijing 100031
country: CN
admin-c: CH455-AP
tech-c:  BG63-AP
remarks: service provider
mnt-by:  APNIC-HM
mnt-lower:    MAINT-CNCGROUP-HL
mnt-routes:   MAINT-CNCGROUP-RR
status:  ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20031110
changed: hm-changed@apnic.net 20060124
source:  APNIC
 
route:   221.208.0.0/14
descr:   CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin:  AS4837
mnt-by:  MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source:  APNIC
 
role:    CNCGroup Hostmaster
e-mail:  abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone:   +86-10-82993155
fax-no:  +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c:  CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by:  MAINT-CNCGROUP
source:  APNIC
 
person:  Binghui Gao
nic-hdl: BG63-AP
e-mail:  gaobh@mail.hl.cn
address: Communication Corporation Internet Enterprise Division of HLJ
phone:   +86-451-2804465
fax-no:  +86-451-2804442
country: CN
changed: gaobh@mail.hl.cn 20030221
mnt-by:  MAINT-CNCGROUP-HL
source:  APNIC

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
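
The correlation allenfr describes doing by eye in the firewall logs, as an added example that is not part of the original thread: it flags traffic on port 137 (NetBIOS name service) sent to public addresses and counts the earlier inbound attempts from the same address. The log line format, the local address 192.168.1.10 and the sample lines are constructed assumptions; the allow-listed servers are the two siliconman01 gives above.

```python
import ipaddress
import re
from collections import defaultdict

# Update servers as given in the reply above ("as near as I can tell").
EXPECTED_SERVERS = {"217.112.92.24", "207.44.154.77"}
NETBIOS_NS_PORT = 137

# Constructed sample log; local host, ports and timestamps are made up.
SAMPLE_LOG = """\
2006-06-09 22:41:07 IN  UDP 221.208.208.97:33012 -> 192.168.1.10:1026 DROP
2006-06-09 23:55:30 IN  UDP 221.208.208.97:33012 -> 192.168.1.10:1027 DROP
2006-06-10 00:02:11 OUT UDP 192.168.1.10:137 -> 221.208.208.97:137 ALLOW
2006-06-10 05:00:03 OUT TCP 192.168.1.10:1045 -> 207.44.154.77:80 ALLOW
2006-06-10 05:00:09 OUT UDP 192.168.1.10:137 -> 192.168.1.255:137 ALLOW
"""

# Hypothetical line format: date time direction proto src:port -> dst:port action
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<dir>IN|OUT)\s+(?P<proto>\S+)\s+(?P<src>[\d.]+):"
    r"(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>\S+)$"
)

def is_public(addr):
    """True for globally routable addresses (not RFC 1918, broadcast, etc.)."""
    return ipaddress.ip_address(addr).is_global

def find_netbios_replies(log_text, expected=EXPECTED_SERVERS):
    """Return outbound port-137 flows to public hosts outside the allow-list."""
    inbound = defaultdict(int)   # public source address -> inbound attempts so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue             # skip lines that do not fit the assumed format
        ports = {int(m["sport"]), int(m["dport"])}
        if m["dir"] == "IN" and is_public(m["src"]):
            inbound[m["src"]] += 1
        elif (m["dir"] == "OUT" and NETBIOS_NS_PORT in ports
              and is_public(m["dst"]) and m["dst"] not in expected):
            findings.append({"time": m["ts"], "remote": m["dst"],
                             "prior_inbound": inbound[m["dst"]]})
    return findings

if __name__ == "__main__":
    for f in find_netbios_replies(SAMPLE_LOG):
        print(f"{f['time']} port 137 traffic to {f['remote']} "
              f"after {f['prior_inbound']} inbound attempts")
```

NetBIOS name service traffic normally stays on the local subnet, which is why the broadcast to 192.168.1.255 in the sample is not reported.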