Intrusion.Win.MSSQL.worm.Helkern

 
Old 11-03-2006, 10:42 AM   #1
Peter Seiler
Guest
 
Posts: n/a
Default Intrusion.Win.MSSQL.worm.Helkern



Every time I'm online, Kaspersky Internet Security 6 (the
Anti-Hacker-module) says:

Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434

blocked

Any hint what happened, what that is/means? THX in advance.

--
by(e) PS
spam will be killed

Old 11-03-2006, 11:17 AM   #2
Sanjaya
Guest
 
Posts: n/a
Default Re: Intrusion.Win.MSSQL.worm.Helkern


"Peter Seiler" <psprivate@mailinator.com> wrote in message news:44129B8C.5090309@mailinator.com...
>
> Every time I'm online, Kaspersky Internet Security 6 (the
> Anti-Hacker-module) says:
>
> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434
>
> blocked
>
> Any hint what happened, what that is/means? THX in advance.
>
> --
> by(e) PS
> spam will be killed
>


I've always thought those were hackers looking for open computers.

Below is what http://www.geektools.com/whois.php showed for
the IP address you listed. Kerio Personal Firewall has shown me stuff like
your post a lot of times. I deny the connection, look up the IP at geektools,
then e-mail the Provider with a complaint with a copy/paste of the info
KPF provided me.

Final results obtained from whois.apnic.net.
Results:
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 222.90.0.0 - 222.91.255.255
netname: CHINANET-SN
descr: CHINANET shanxi(SN) province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: XC10-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SHAANXI
mnt-routes: MAINT-CHINANET-SHAANXI
remarks: This object can only modify by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to hostmaster@apnic.net with your
remarks: organisation account name in the subject line.
changed: hm-changed@apnic.net 20040224
status: ALLOCATED PORTABLE
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: lqing@chinatelecom.com.cn 20051212
mnt-by: MAINT-CHINANET
source: APNIC

person: Xianghong Cao
address: Shaanxi province data communication Bureau
address: 8# guangde Road west development zone
address: Xi'an city, Shanxi province 710075
address: CN
phone: +8629-837-1049
fax-no: +8629-837-1049
e-mail: IPADM@PUBLIC.XA.SN.CN
nic-hdl: XC10-AP
mnt-by: MAINT-CHINANET-SHAANXI
changed: IPADM@PUBLIC.XA.SN.CN 20011203
source: APNIC


Old 11-03-2006, 03:27 PM   #3
me@tadyatam.invalid
Guest
 
Posts: n/a
Default Re: Intrusion.Win.MSSQL.worm.Helkern

Peter Seiler <psprivate@mailinator.com> wrote in
news:44129B8C.5090309@mailinator.com:

>
> Every time I'm online, Kaspersky Internet Security 6
> (the Anti-Hacker-module) says:
>
> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210
> UDP Port 1434
>
> blocked
>
> Any hint what happened, what that is/means? THX in advance.
>

Take a look at
http://isc.sans.org/port_details.html?port=1434

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom
Old 11-03-2006, 03:57 PM   #4
Virus Guy
Guest
 
Posts: n/a
Default Re: Intrusion.Win.MSSQL.worm.Helkern

Peter Seiler wrote:

> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210
> UDP Port 1434
>
> Any hint what happened


What happened is that you don't have a $50 NAT router between your
cable/dsl modem and your computer.

I strongly suggest you get one to eliminate the need for you to be
running stupid and resource-draining (and vulnerable to de-activation)
firewall software on your computer.

> what that is/mean?


"Helkern" - 376 Bytes That Shook The World
(January, 2003)

http://www.kasperskylabs.com/news.html?id=970183

The worm is being broadcast by machines running Microsoft SQL Server.
Here's a question: If you're running Pervasive SQL server, is your
machine (was your machine) ever vulnerable?
Old 11-03-2006, 04:05 PM   #5
David H. Lipman
Guest
 
Posts: n/a
Default Re: Intrusion.Win.MSSQL.worm.Helkern

From: "Peter Seiler" <psprivate@mailinator.com>

| Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434

| blocked

| Any hint what happened, what that is/means? THX in advance.


It sounds like activity at the firewall. If you were using a NAT router then you
would not see the activity at all on the PC and it would only be at the router.

It looks like just information. You can think of it as just "noise" and it can be
ignored.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Old 11-03-2006, 04:22 PM   #6
Duane Arnold
Guest
 
Posts: n/a
Default Re: Intrusion.Win.MSSQL.worm.Helkern

Peter Seiler wrote:
> Every time I'm online, Kaspersky Internet Security 6 (the
> Anti-Hacker-module) says:
>
> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434
>
> blocked
>
> Any hint what happened, what that is/means? THX in advance.
>


You don't have MS SQL Server running on your computer. MS SQL Server
runs and uses port 1434. If SQL Server is not running on your computer,
and it most likely is not, then there is nothing to attack; the port is
not being used.

Duane
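
The check behind the reply above (is anything on the machine actually bound to the probed port?), as an added example that is not part of the thread. It assumes the UDP row layout of Windows `netstat -an`; the function names and the two netstat samples are constructed for illustration.

```python
import re

# Alert text as quoted in the first post ("Adresse" is the product's German UI).
ALERT_RE = re.compile(
    r"(?P<sig>Intrusion\.\S+)\s+Adresse\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+(?P<proto>UDP|TCP)\s+Port\s+(?P<port>\d+)")
# UDP row of Windows `netstat -an`: proto, local addr:port, then "*:*".
NETSTAT_UDP_RE = re.compile(r"^\s*UDP\s+(?P<addr>\S+):(?P<port>\d+)\s+\*:\*\s*$")
LOOPBACK = ("127.", "[::1]")


def parse_alert(line):
    """Return signature, source, protocol and port from one alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["port"] = int(alert["port"])
    return alert


def reachable_udp_ports(netstat_text):
    """UDP ports bound on a non-loopback address, i.e. reachable from outside."""
    ports = set()
    for row in netstat_text.splitlines():
        m = NETSTAT_UDP_RE.match(row)
        if m and not m.group("addr").startswith(LOOPBACK):
            ports.add(int(m.group("port")))
    return ports


def triage(alert_line, netstat_text):
    """Classify a blocked-probe alert against what this host actually listens on."""
    alert = parse_alert(alert_line)
    if alert is None:
        return "unparsed"
    if alert["proto"] == "UDP" and alert["port"] in reachable_udp_ports(netstat_text):
        return "exposed"   # a service is bound to the probed port: patch or filter it
    return "noise"         # nothing listening: the probe had no target


# Constructed samples: the alert from the thread and two made-up netstat outputs.
ALERT = "Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434"
DESKTOP = "  UDP    0.0.0.0:500            *:*\n  UDP    127.0.0.1:1900         *:*\n"
SQL_HOST = DESKTOP + "  UDP    0.0.0.0:1434           *:*\n"

if __name__ == "__main__":
    for name, table in (("desktop", DESKTOP), ("sql_host", SQL_HOST)):
        print(name, triage(ALERT, table))
```

On a real machine, feed `triage` the saved output of `netstat -an` in place of the constructed samples.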
Old 11-03-2006, 08:37 PM   #7
Peter Seiler
Guest
 
Posts: n/a
Default Re: Intrusion.Win.MSSQL.worm.Helkern

Peter Seiler - 11.03.2006 10:42 :

THX to all who reposted.

--
by(e) PS
spam will be killed

Old 13-04-2008, 05:18 PM   #8
vadai
Junior Member
 
 
Join Date: Apr 2008
Location: chennai
Posts: 7
Trader Rating: (0)
Angry Intrusion Win Mssql Worm Helkern

I do have this same problem.. IP traced somewhere in China and in Ford company US.. what are these guys up to.. up to what end?