Intrusion.Win.MSSQL.worm.Helkern

Peter Seiler

Every time I'm online, Kaspersky Internet Security 6 (the
Anti-Hacker module) says:

Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434

blocked

Any hint what happened, what that is/mean? THX in advance.
 
Sanjaya

Peter Seiler said:
> Every time I'm online, Kaspersky Internet Security 6 (the
> Anti-Hacker module) says:
>
> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434
>
> blocked
>
> Any hint what happened, what that is/mean? THX in advance.

I've always thought those were hackers looking for open computers.

Below is what http://www.geektools.com/whois.php showed for
the IP address you listed. Kerio Personal Firewall has shown me stuff like
your post a lot of times. I deny the connection, look up the IP at geektools,
then e-mail the Provider with a complaint with a copy/paste of the info
KPF provided me.

Final results obtained from whois.apnic.net.
Results:
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 222.90.0.0 - 222.91.255.255
netname: CHINANET-SN
descr: CHINANET shanxi(SN) province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: XC10-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-SHAANXI
mnt-routes: MAINT-CHINANET-SHAANXI
remarks: This object can only modify by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to (e-mail address removed) with your
remarks: organisation account name in the subject line.
changed: (e-mail address removed) 20040224
status: ALLOCATED PORTABLE
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: (e-mail address removed)
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: (e-mail address removed) 20051212
mnt-by: MAINT-CHINANET
source: APNIC

person: Xianghong Cao
address: Shaanxi province data communication Bureau
address: 8# guangde Road west development zone
address: Xi'an city, Shanxi province 710075
address: CN
phone: +8629-837-1049
fax-no: +8629-837-1049
e-mail: (e-mail address removed)
nic-hdl: XC10-AP
mnt-by: MAINT-CHINANET-SHAANXI
changed: (e-mail address removed) 20011203
source: APNIC
 
Virus Guy

Peter said:
> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210
> UDP Port 1434
>
> Any hint what happened

What happened is that you don't have a $50 NAT router between your
cable/dsl modem and your computer.

I strongly suggest you get one to eliminate the need for you to be
running stupid and resource-draining (and vulnerable to de-activation)
firewall software on your computer.

> what that is/mean?

"Helkern" - 376 Bytes That Shook The World
(January, 2003)

http://www.kasperskylabs.com/news.html?id=970183

The worm is being broadcast by machines running Microsoft SQL Server.
Here's a question: If you're running Pervasive SQL server, is your
machine (was your machine) ever vulnerable?
 
David H. Lipman

From: "Peter Seiler" <[email protected]>

| Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434

| blocked

| Any hint what happened, what that is/mean? THX in advance.


It sounds like activity at the firewall. If you were using a NAT router then you
would not see the activity at all on the PC and it would only be at the router.

It looks like just information. You can think of it as just "noise" and can be
ignored.
 
Duane Arnold

Peter said:
> Every time I'm online, Kaspersky Internet Security 6 (the
> Anti-Hacker module) says:
>
> Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 UDP Port 1434
>
> blocked
>
> Any hint what happened, what that is/mean? THX in advance.

You don't have MS SQL Server running on your computer. MS SQL Server
runs and uses port 1434. If SQL Server is not running on your computer,
and it most likely is not, then there is nothing to attack; the port is
not being used.

Duane :)
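
The check described in the reply above, as an added example that is not part of any poster's message: it parses the alert text quoted in the thread and tests whether any local process actually holds the reported UDP port. The function names and verdict strings are hypothetical, and the regex assumes the alert wording shown in the first post.

```python
import errno
import re
import socket

# Alert text as quoted in the first post of the thread.
SAMPLE_ALERT = ("Intrusion.Win.MSSQL.worm.Helkern Adresse 222.91.45.210 "
                "UDP Port 1434")

# Assumed layout: signature, the word "Adresse", source IP, protocol, port.
ALERT_RE = re.compile(
    r"(?P<sig>Intrusion\.\S+)\s+Adresse\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+(?P<proto>UDP|TCP)\s+Port\s+(?P<port>\d+)"
)

def parse_alert(line):
    """Return (signature, source_ip, protocol, port), or None if no match."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return m["sig"], m["src"], m["proto"], int(m["port"])

def udp_port_in_use(port, host="0.0.0.0"):
    """True if a local process already holds this UDP port.

    We try to bind the port ourselves; EADDRINUSE means some service
    (for 1434, possibly MS SQL Server) is listening there.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return True
            raise  # e.g. permission problems are not evidence of a listener
    return False

def triage(line, in_use=udp_port_in_use):
    """Turn one alert line into a short verdict about local exposure."""
    parsed = parse_alert(line)
    if parsed is None:
        return "unrecognised alert"
    _sig, src, proto, port = parsed
    if proto != "UDP":
        return f"{src} probed {proto}/{port}: not covered by this check"
    if in_use(port):
        return f"{src} probed UDP/{port}: a local service is listening"
    return f"{src} probed UDP/{port}: no local listener, nothing to attack"

if __name__ == "__main__":
    print(triage(SAMPLE_ALERT))
```

Run it on the machine that raised the alert, with the software firewall still enabled; a "listening" verdict means the port is owned by some process and is worth identifying.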
 
Intrusion Win Mssql Worm Helkern

I do have this same problem... IP traced somewhere in China and in Ford company US... what are these guys up to... up to what end?
 
