Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

constant dhcp requests

Post by tuvia » October 26th, 2010, 4:52 pm

The Win2003 server sends constant DHCP requests to the DHCP server (port 68 I think). It gets all available IP addresses, then still keeps sending, so it gets any more addresses if they open up. The DHCP server shows all the IP addresses issued to the server's MAC address, and port scanning shows the constant requests. The requests come from services.exe, which loads the network services, obviously an essential service.

Malwarebytes, Spybot, AVG, and ClamWin cannot find the problem.

Here is the hijack log, maybe it will help:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:37 AM, on 10/26/2010
Platform: Windows 2003 SP2, v.2845 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ntfrs.exe
C:\Program Files\Sage Software\Peachtree\SmartPostingService2009.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\RTHDCPL.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\HDScheduler\HDScheduler.exe
C:\Program Files\Symantec\Backup Exec\BkupExec.exe
C:\GOLDMINE\gmw6.exe
C:\WINNT\system32\rsmsink.exe
C:\WINNT\system32\rsmsink.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PeachtreePrefetcher.exe] "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKUS\S-1-5-21-299502267-2000478354-839522115-1102\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User '?')
O4 - HKUS\S-1-5-21-299502267-2000478354-839522115-500\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-299502267-2000478354-839522115-500 Startup: Goldmine sync.lnk = C:\GOLDMINE\gmw6.exe (User '?')
O4 - Global Startup: Goldmine sync.lnk = C:\GOLDMINE\gmw6.exe
O4 - Global Startup: HelpDesk Scheduler.lnk = C:\Program Files\HDScheduler\HDScheduler.exe
O15 - ESC Trusted Zone: http://download.avg.com
O15 - ESC Trusted Zone: http://www.vmanager.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 8150994937
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8150777078
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.33.220.165/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2A53712-6114-455D-9BC0-4BFA20A3C23E}: NameServer = 64.7.11.2,66.80.130.23
O23 - Service: Adaptec Storage Manager Agent (AdaptecStorageManagerAgent) - Unknown owner - C:\Program Files\Adaptec\Adaptec Storage Manager\StorServ.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\bengine.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\beserver.exe
O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Adaptec Management Service (mgmtservice) - Unknown owner - C:\Program Files\Adaptec\Adaptec Storage Manager\mgmtservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Peachtree SmartPosting 2009 - Sage Software, Inc. - C:\Program Files\Sage Software\Peachtree\SmartPostingService2009.exe
O23 - Service: Pervasive PSQL Workgroup Engine (psqlWGE) - Unknown owner - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINNT\System32\termsrv.exe (file missing)

--
End of file - 5905 bytes
tuvia
Active Member
 
Posts: 1
Joined: October 26th, 2010, 4:46 pm

Re: constant dhcp requests

Post by NonSuch » October 26th, 2010, 5:30 pm

It is the policy of this site that our volunteers only assist with computers that are used exclusively for home use. We do not assist with servers, nor business computers, nor personal computers used for business purposes.

http://malwareremoval.com/forum/viewtop ... 98#p491398

As this issue involves either a server, a company owned machine, or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

