Re: tracking the w32.download.X worm using zenmap

[Duarte Silva <duartejcsilva () gmail com>]

Could you supply the report that the Symantec utility produces when
that worm is found?

On Fri, Feb 26, 2010 at 12:07 AM, Ron <ron () skullsecurity net> wrote:
> Hi David,
>
> I don't know the answer to your question, unfortunately, but somebody on the nmap-dev mailing list might, so I'm 
> including it in my response.
>
> Good luck!
>
> Ron
>
> On Thu, 25 Feb 2010 15:01:04 -0700 "David Carter" <dcarter () fusd1 org>
> wrote:
> > Hi,
> >
> > I have been fighting a w32.download.X worm since November and finally
> > found some relief when a tech person from Symantec gave me a link for
> > zenmap.  I did some reading and tried to use the utility but I am not
> > really sure how to use this as a tracking tool to hunt down this worm.
> > I have a THREATTRACER entry in the regrestry on some machines that are
> > taking hits from the worm(Symantec utility) but this is really not
> > telling me where the source is.  Our Symantec software is mostly
> > deleting the worm but It is extremely hard finding the source.  I love
> > the zenmap interface but I don't know much about nmap other then it's
> > a fantastic tool for Security Administrators. Can you give me a nmap
> > scrip I can use to assist in finding this worm?   Please email me
> > with some good news PLEASE..
> >
> >
> >
> > Thank You Kindley!
> >
> >
> >
> > David Carter
> >
> > FUSD Tech Services
> >
> > 928-527-9440
>
>
> --
> Ron Bowes
> http://www.skullsecurity.org
> http://www.twitter.com/iagox86
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/