w32.downadup source infection

cwstad2
Hi all, we have an intermittent problem with the downadup virus. We have AV installed but it keeps popping up on our network. Is there a way to track the source computer?

thanks
Manjunath Sullad, Technical Consultant

Commented:
If you run netstat -no on the computer..

It will show you the IP addresses of destination computers and it will show you which IP address it's referring to.
Only shows the DNS server
Manjunath Sullad, Technical Consultant

Commented:
Update the Antivirus and scan completely....
If you know the name of the infected file being dropped on the network, you could try installing Wireshark or any other network traffic monitoring tool.

http://www.wireshark.org/

Remove the virus from the computer that is infected, install Wireshark, then start it monitoring. Once you have determined that the infection is again present, stop Wireshark and scan the log file for the infected file name. Once found, it should give you the IP address of the source of the file.
Thanks
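
The capture search suggested above can be scripted once the capture is exported to text. This is an added example, not code from the thread: it assumes the file travels over SMB2 and that the capture was exported with tshark as tab-separated fields; the sample rows, IP addresses and the file name `example_dropped.dll` are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample (all values made up). Assumed export command:
#   tshark -r capture.pcapng -Y smb2 -T fields
#          -e frame.time_epoch -e ip.src -e ip.dst -e smb2.filename
SAMPLE_EXPORT = (
    "1700000001.10\t10.0.0.23\t10.0.0.50\tsrvsvc\n"
    "1700000002.40\t10.0.0.23\t10.0.0.50\tSystem32\\EXAMPLE_DROPPED.dll\n"
    "1700000003.00\t10.0.0.50\t10.0.0.23\t\n"
    "1700000009.75\t10.0.0.41\t10.0.0.50\tDocs\\report.docx\n"
    "1700000012.20\t10.0.0.23\t10.0.0.51\tsystem32\\example_dropped.DLL\n"
    "1700000020.00\t10.0.0.51\t10.0.0.52\tSystem32\\example_dropped.dll\n"
    "malformed line without tabs\n"
)


def find_sources(export_text, filename):
    """Map each source IP to the (time, dest IP, path) rows that name `filename`."""
    wanted = filename.lower()
    hits = defaultdict(list)
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed or truncated rows
        ts, src, dst, path = fields
        # Compare the last path component only, case-insensitively (Windows names).
        base = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base == wanted:
            hits[src].append((float(ts), dst, path))
    return dict(hits)


def earliest_source(export_text, filename):
    """Return the IP that referenced `filename` first, or None if nobody did."""
    hits = find_sources(export_text, filename)
    if not hits:
        return None
    return min(hits, key=lambda ip: min(t for t, _, _ in hits[ip]))


if __name__ == "__main__":
    name = "example_dropped.dll"  # placeholder, not a real indicator
    for ip, rows in find_sources(SAMPLE_EXPORT, name).items():
        for ts, dst, path in rows:
            print(f"{ts:.2f}  {ip} -> {dst}  {path}")
    print("first seen from:", earliest_source(SAMPLE_EXPORT, name))
```

A host that first appears as a destination and later as a source of the same file (10.0.0.51 in the constructed sample) was most likely infected during the capture, so the earliest source is the machine to examine first.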
