hacktool.dfind overloading connections on firewall


Archie_E3

Hi,

We've been having a recurring problem here with a particular machine behind a firewall running a dfind.exe process which overloads the firewall by maxing out the connections (at 4096). The problem has been identified and deleted time and time again but keeps coming back, so it seems there is another process that is causing the malware to come back.

The machine is a Windows Server 2003 machine with Symantec Endpoint Protection 11 installed. SEP has only come up with identifying the virus (hacktool.dfind) once, and each time the virus comes back and our firewall goes down the process is called something else (e.g. it was called rtvscan.exe last time).

We've run SEP, Malwarebytes, Spybot, HijackThis (log file available at: http://rafb.net/p/c9pBlL96.html), Trend Micro HouseCall and RootkitRevealer to no avail.

I have trawled the web for people who've had similar problems, and can currently only find the following posts which are similar, but none of them seem to have solutions!

http://www.tek-tips.com/viewthread.cfm?qid...9122&page=1

http://www.experts-exchange.com/Security/V...Q_21857086.html

http://www.experts-exchange.com/Security/O...Q_21775571.html

Any help would be very much appreciated! It's an important server, and an even more important firewall it's overloading, so if there is any way at all to stop this malware before having to rebuild the machine that would be brilliant!!
