From owner-freebsd-isp@FreeBSD.ORG  Sun Sep 12 19:45:24 2004
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 35CAF16A4CF
	for <freebsd-isp@freebsd.org>; Sun, 12 Sep 2004 19:45:24 +0000 (GMT)
Received: from otter3.centtech.com (moat3.centtech.com [207.200.51.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8B02143D1D
	for <freebsd-isp@freebsd.org>; Sun, 12 Sep 2004 19:45:23 +0000 (GMT)
	(envelope-from anderson@centtech.com)
Received: from [192.168.42.25] ([192.168.42.25])
	by otter3.centtech.com (8.12.3/8.12.3) with ESMTP id i8CJjGCw099742;
	Sun, 12 Sep 2004 14:45:16 -0500 (CDT)
	(envelope-from anderson@centtech.com)
Message-ID: <4144A740.2000505@centtech.com>
Date: Sun, 12 Sep 2004 14:45:04 -0500
From: Eric Anderson <anderson@centtech.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.2) Gecko/20040813
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: karan Gupta <kgupta@edgefocus.com>
References: <4144A55B.3060001@edgefocus.com>
In-Reply-To: <4144A55B.3060001@edgefocus.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
Subject: Re: tcpdump analysis help!
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Sep 2004 19:45:24 -0000

karan Gupta wrote:
> Is 10.0.152.48 effected with a virus?

Yes - look at the processes running, and look for scrgrd.exe.  Kill it, remove 
ALL related registry entries, then do this:

cd c:\windows\system32
attrib -r -s -a -h scrgrd.exe
del scrgrd.exe



-- 
------------------------------------------------------------------
Eric Anderson     Sr. Systems Administrator    Centaur Technology
Talk sense to a fool and he calls you foolish.
------------------------------------------------------------------