Win2000 suspected of being infected with the Code Red virus, please help diagnose
As soon as I dial up to the Internet, the modem starts uploading data. I captured part of the data; please diagnose it. If it is Code Red, how do I remove it? Many thanks. My machine name is webserver and its IP is 192.168.0.1.
1 0.020029 XEROX 000000 96D520000200 TCP ....S., len: 0, seq:1073851620-1073851620, ack: 0, win: 8760, src: 3690 dst: 80 WEBSERVER 192.168.242.19 IP
Frame: Base frame properties
Frame: Time of capture = 2001-8-5 16:0:46.505
Frame: Time delta from previous physical frame: 0 microseconds
Frame: Frame number: 1
Frame: Total frame length: 62 bytes
Frame: Capture frame length: 62 bytes
Frame: Frame data: Number of data bytes remaining = 62 (0x003E)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : 96D520000200
ETHERNET: .......0 = Individual address
ETHERNET: ......1. = Locally administered address
ETHERNET: Source address : 000002000000
ETHERNET: .......0 = No routing information present
ETHERNET: ......0. = Universally administered address
ETHERNET: Frame Length : 62 (0x003E)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 48 (0x0030)
IP: ID = 0x4C74; Proto = TCP; Len: 48
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 48 (0x30)
IP: Identification = 19572 (0x4C74)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0x38FA
IP: Source Address = 61.137.133.20
IP: Destination Address = 192.168.242.19
IP: Data: Number of data bytes remaining = 28 (0x001C)
TCP: ....S., len: 0, seq:1073851620-1073851620, ack: 0, win: 8760, src: 3690 dst: 80
TCP: Source Port = 0x0E6A
TCP: Destination Port = Hypertext Transfer Protocol
TCP: Sequence Number = 1073851620 (0x4001ACE4)
TCP: Acknowledgement Number = 0 (0x0)
TCP: Data Offset = 28 (0x1C)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x02 : ....S.
TCP: ..0..... = No urgent data
TCP: ...0.... = Acknowledgement field not significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......1. = Synchronize sequence numbers
TCP: .......0 = No Fin
TCP: Window = 8760 (0x2238)
TCP: Checksum = 0xEFED
TCP: Urgent Pointer = 0 (0x0)
TCP: Options
TCP: Maximum Segment Size Option
TCP: Option Type = Maximum Segment Size
TCP: Option Length = 4 (0x4)
TCP: Maximum Segment Size = 1460 (0x5B4)
TCP: Option Nop = 1 (0x1)
TCP: Option Nop = 1 (0x1)
TCP: SACK Permitted Option
TCP: Option Type = Sack Permitted
TCP: Option Length = 2 (0x2)
00000: 96 D5 20 00 02 00 00 00 02 00 00 00 08 00 45 00 Õ ...........E.
00010: 00 30 4C 74 40 00 80 06 38 FA 3D 89 85 14 C0 A8 .0Lt@..8ú=.ˬ
00020: F2 13 0E 6A 00 50 40 01 AC E4 00 00 00 00 70 02 ò..j.P@.¬ä....p.
00030: 22 38 EF ED 00 00 02 04 05 B4 01 01 04 02 "8ïí.....´....
2 0.030043 XEROX 000000 96D520000200 TCP ....S., len: 0, seq:1078731693-1078731693, ack: 0, win: 8760, src: 3774 dst: 80 WEBSERVER 192.168.157.84 IP
Frame: Base frame properties
Frame: Time of capture = 2001-8-5 16:0:46.515
Frame: Time delta from previous physical frame: 10014 microseconds
Frame: Frame number: 2
Frame: Total frame length: 62 bytes
Frame: Capture frame length: 62 bytes
Frame: Frame data: Number of data bytes remaining = 62 (0x003E)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD Internet Protocol
ETHERNET: Destination address : 96D520000200
ETHERNET: .......0 = Individual address
ETHERNET: ......1. = Locally administered address
ETHERNET: Source address : 000002000000
ETHERNET: .......0 = No routing information present
ETHERNET: ......0. = Universally administered address
ETHERNET: Frame Length : 62 (0x003E)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes remaining = 48 (0x0030)
IP: ID = 0x4C75; Proto = TCP; Len: 48
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 48 (0x30)
IP: Identification = 19573 (0x4C75)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 128 (0x80)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0x8DB8
IP: Source Address = 61.137.133.20
IP: Destination Address = 192.168.157.84
IP: Data: Number of data bytes remaining = 28 (0x001C)
TCP: ....S., len: 0, seq:1078731693-1078731693, ack: 0, win: 8760, src: 3774 dst: 80
TCP: Source Port = 0x0EBE
TCP: Destination Port = Hypertext Transfer Protocol
TCP: Sequence Number = 1078731693 (0x404C23AD)
TCP: Acknowledgement Number = 0 (0x0)
TCP: Data Offset = 28 (0x1C)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x02 : ....S.
TCP: ..0..... = No urgent data
TCP: ...0.... = Acknowledgement field not significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......1. = Synchronize sequence numbers
TCP: .......0 = No Fin
TCP: Window = 8760 (0x2238)
TCP: Checksum = 0xCD45
TCP: Urgent Pointer = 0 (0x0)
TCP: Options
TCP: Maximum Segment Size Option
TCP: Option Type = Maximum Segment Size
TCP: Option Length = 4 (0x4)
TCP: Maximum Segment Size = 1460 (0x5B4)
TCP: Option Nop = 1 (0x1)
TCP: Option Nop = 1 (0x1)
TCP: SACK Permitted Option
TCP: Option Type = Sack Permitted
TCP: Option Length = 2 (0x2)
00000: 96 D5 20 00 02 00 00 00 02 00 00 00 08 00 45 00 Õ ...........E.
00010: 00 30 4C 75 40 00 80 06 8D B8 3D 89 85 14 C0 A8 .0Lu@..¸=.ˬ
00020: 9D 54 0E BE 00 50 40 4C 23 AD 00 00 00 00 70 02 T.¾.P@L#....p.
00030: 22 38 CD 45 00 00 02 04 05 B4 01 01 04 02 "8ÍE.....´....
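Both captured frames are bare SYNs from the dial-up address 61.137.133.20 to TCP/80 on unrelated private addresses (192.168.242.19, then 192.168.157.84), sent 10 ms apart. That is the propagation pattern Code Red produces: an infected IIS host opens connections to port 80 on randomly generated addresses. The following is an added example, not code from the original post: a small Python parser for the Network Monitor detail format shown above, plus the check a defender would run over the parsed frames, counting how many distinct destinations each source sends SYN-only segments to on port 80. The sample capture text, the extra frames 3 and 4, and the `min_targets` threshold are constructed assumptions; only frames 1 and 2 mirror the post.

```python
"""Flag hosts that send bare SYNs to TCP/80 on many distinct addresses.

Parses the Network Monitor "Frame:/IP:/TCP:" detail lines shown in the post
(only the lines the check needs are kept in the constructed sample below).
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample modelled on the capture in the post. Frames 1 and 2 are
# the two real frames; frames 3 and 4 are invented: another scan probe and a
# normal local SMB ACK that must not be flagged.
SAMPLE_CAPTURE = """\
Frame: Frame number: 1
IP: Source Address = 61.137.133.20
IP: Destination Address = 192.168.242.19
TCP: ....S., len: 0, seq:1073851620-1073851620, ack: 0, win: 8760, src: 3690 dst: 80
TCP: Flags = 0x02 : ....S.
Frame: Frame number: 2
IP: Source Address = 61.137.133.20
IP: Destination Address = 192.168.157.84
TCP: ....S., len: 0, seq:1078731693-1078731693, ack: 0, win: 8760, src: 3774 dst: 80
TCP: Flags = 0x02 : ....S.
Frame: Frame number: 3
IP: Source Address = 61.137.133.20
IP: Destination Address = 10.44.3.201
TCP: ....S., len: 0, seq:1080000001-1080000001, ack: 0, win: 8760, src: 3775 dst: 80
TCP: Flags = 0x02 : ....S.
Frame: Frame number: 4
IP: Source Address = 192.168.0.1
IP: Destination Address = 192.168.0.5
TCP: .A...., len: 0, seq:1090000001-1090000001, ack: 5, win: 8760, src: 1025 dst: 139
TCP: Flags = 0x10 : .A....
"""

FRAME_RE = re.compile(r"^Frame: Frame number: (\d+)")
IP_SRC_RE = re.compile(r"^IP: Source Address = (\S+)")
IP_DST_RE = re.compile(r"^IP: Destination Address = (\S+)")
# Summary line: "TCP: ....S., len: 0, ..., src: 3690 dst: 80"
TCP_SUM_RE = re.compile(r"^TCP: [.A-Z]{6}, len:.*src: (\d+) dst: (\d+)")
TCP_FLAGS_RE = re.compile(r"^TCP: Flags = 0x([0-9A-Fa-f]+)")

SYN = 0x02  # TCP flag byte with only SYN set


def parse_frames(text):
    """Return one dict per frame: frame, src, dst, sport, dport, flags."""
    frames, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = FRAME_RE.match(line)
        if m:
            if cur:
                frames.append(cur)
            cur = {"frame": int(m.group(1))}
            continue
        if cur is None:
            continue
        if m := IP_SRC_RE.match(line):
            cur["src"] = m.group(1)
        elif m := IP_DST_RE.match(line):
            cur["dst"] = m.group(1)
        elif m := TCP_SUM_RE.match(line):
            cur["sport"], cur["dport"] = int(m.group(1)), int(m.group(2))
        elif m := TCP_FLAGS_RE.match(line):
            cur["flags"] = int(m.group(1), 16)
    if cur:
        frames.append(cur)
    return frames


def find_scanners(frames, port=80, min_targets=3):
    """Map each source that sent SYN-only segments to `port` on at least
    `min_targets` distinct destinations to the sorted list of those targets."""
    targets = defaultdict(set)
    for f in frames:
        if f.get("dport") == port and f.get("flags") == SYN:
            targets[f["src"]].add(f["dst"])
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


def private_target_ratio(frames, src):
    """Share of `src`'s destinations in private ranges. A public dial-up host
    probing RFC 1918 space it cannot reach is a sign of blind random scanning."""
    dsts = [f["dst"] for f in frames if f.get("src") == src and "dst" in f]
    if not dsts:
        return 0.0
    return sum(ip_address(d).is_private for d in dsts) / len(dsts)


if __name__ == "__main__":
    parsed = parse_frames(SAMPLE_CAPTURE)
    for src, dsts in find_scanners(parsed).items():
        print(f"{src}: SYN to tcp/80 on {len(dsts)} hosts "
              f"({private_target_ratio(parsed, src):.0%} private targets)")
```

On the real capture the threshold would be raised to tens of targets per minute; with only two frames the post cannot prove infection, but sustained output of this shape from a host that runs IIS is the signature to confirm, and the fix is the IIS patch plus a clean reinstall or a reboot followed by patching, since the original Code Red was memory-resident.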