![]() Im sick of getting viruses.ġ.) i see the stream opening up a connection to a different iis server so im guessing thats where its coming in from. Is this normal when you foolow a tcp stream? is that file above the virus or the temp file of the wireshark capture? how can i find the file/virus from the wireshark capture? Its showing an error on the tcp stream: could not open temp file C:\users\x\appdata\local\temp\follow_20121203192017_a04336: access is denied ever time i follow the stream i get the virus. If i follow a tcp stream of the packets i got froom the server answering the pings, would that cause the exploit to be run again? as soon as i followed the stream, my ms security essentials opened again quarantining that exploit again. Now i would like to find whats tripping the av software. all i did was start the capture, clicked the link, saw the ms security essential quarantine the exploit (Again) and stopped the capture I go to (what appears to be ) a regular company website with a link off and i see my ms sec essntials open up and clean up/quarantine a virus. i isolated the traffic, now i just want to read/translate the code inside. looking to see what files are being transfered or what commands are being sent to my pc. any thoughts appreciated.ĮDIT: how can i view udp packets? i need to look at what commands are being run in java with a udp field i belive. ![]() gonna try and see what else i can get from this stream capture. huh :( some weird charectors so i would guess thats the code. i see it connecting to another website's iis server. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |