[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
tom wrote: > > its perfora.net (74.208.84.230) > I've just noticed (having restarted w2k to get this info) that it is > pinging before the user screen is up and its properly on the network so > it may be a dodgy driver for the wireless card.... perfora.net is just a PTR record. Looks most likely that perfora.net had this address, but 1and1 removed them and didn't update the reverse lookup. Domain crawler has 341 domains listed on the IP address - so not much help other than likely shared hosting at 1and1. MyWot thinks perfora.net were associated with malware distributors, including Koobface. If it were me, I'd identify which piece of software is making the requests and report it via virustotal, and then reinstall from trusted media. Koobface sticks itself in the usual locations (RunOnce etc) in registry, so not too hard to find with regedit and a little common sense. If I were advising someone else, I'd say reinstall from trusted media. Probably the command and control is long dead, on the other hand you don't know what else got installed. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html