
Detected covert channel exploit in ICMP packet



#1 metalhard


Posted 08 October 2012 - 09:58 AM

Hello,

I receive the notification "Detected covert channel exploit in ICMP packet" and the IP address is 87.248.122.122.

I ran the file aswMBR.exe and I got the log which I have pasted below.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-08 17:53:41
-----------------------------
17:53:41.319 OS Version: Windows x64 6.1.7600
17:53:41.320 Number of processors: 2 586 0x2A07
17:53:41.320 ComputerName: HARDIK-99205222 UserName:
17:53:43.469 Initialize success
17:53:57.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:53:57.328 Disk 0 Vendor: ST320LT0 0003 Size: 305245MB BusType: 3
17:53:57.357 Disk 0 MBR read successfully
17:53:57.359 Disk 0 MBR scan
17:53:57.361 Disk 0 Windows 7 default MBR code
17:53:57.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102300 MB offset 206848
17:53:57.398 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 101142 MB offset 209717248
17:53:57.423 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 101701 MB offset 416856064
17:53:57.467 Disk 0 scanning C:\Windows\system32\drivers
17:54:29.160 Service scanning
17:55:06.475 Modules scanning
17:55:06.476 Disk 0 trace - called modules:
17:55:06.512 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:55:06.514 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004010060]
17:55:06.517 3 CLASSPNP.SYS[fffff88000dcc43f] -> nt!IofCallDriver -> [0xfffffa8003aec4d0]
17:55:06.518 5 ACPI.sys[fffff88000ec1781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003af0050]
17:55:06.520 Scan finished successfully
17:55:36.419 Disk 0 MBR has been saved successfully to "C:\Users\Hardik-9920522272\Desktop\MBR.dat"
17:55:36.426 The log file has been saved successfully to "C:\Users\Hardik-9920522272\Desktop\aswMBR.txt"


Honestly speaking, I don't know anything about all this. I am afraid that somebody might be tracking me.


Any help would be appreciated!!

Thanks!!!


 


#2 Broni


Posted 08 October 2012 - 12:08 PM

Welcome aboard

I receive the notification "Detected covert channel exploit in ICMP packet" and the IP address is 87.248.122.122.

Which program is warning you?



 




