help, port LISTENING to unware host

[Laurince Yerh]

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

<20:58:23.67@C:\Documents and Settings\Administrator>
#netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP mimic:epmap domianss2.com:0 LISTENING
TCP mimic:microsoft-ds domianss2.com:0 LISTENING
TCP mimic:1026 domianss2.com:0 LISTENING
TCP mimic:3807 domianss2.com:0 LISTENING
TCP mimic:3917 domianss2.com:0 LISTENING
TCP mimic:4099 domianss2.com:0 LISTENING
TCP mimic:6025 domianss2.com:0 LISTENING
TCP mimic:6110 domianss2.com:0 LISTENING
TCP mimic:8110 domianss2.com:0 LISTENING
TCP mimic:8888 domianss2.com:0 LISTENING
TCP mimic:netbios-ssn domianss2.com:0 LISTENING




this is the 'netstat -a' command line output
os: win2k sp4 with all windows updates installed

i use nslookup to resovle the boring domianss2.com
t the result is 0.0.0.0

what's that? is it some trojan? virus?

 

[Guest]

Yeah this doesn't look to cool. The thing that really has
be worried is the mimic statement and port highjacking.
You might want to look up the ports that are being
referenced and see if there is anything associated to
them.

I just did an ARIN lookup on the domainss2.com and got
nada back, so I would be worried about a Virus/Worm/Trojan

What AV are you using? Also does the server have a
outside facing NIC/IP?

 

[Michael Johnston [MSFT]]

What appears to have happened is that netstat tried to reverse lookup 0.0.0.0 for a name. For some reason your dns server
returned domainss2.com. This only indicates somethings up with DNS. Are you using your ISP for dns?

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the
terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from
which they originated.