I have a friend who came to me with a question. He feels his puter may be compromised. I did a google and a SamSpade. The Traceroute looked strange to me.

I'm posting the info he sent me. If you see something obvious that I don't, please feel free to speak up. We all know I'm no expert. LOL

I knew I could ask my friends here at AO.

Thanks in advance.

PS. Hogfly, is your gas better?

Anyway, here's what he says....

---------------------------------------------------

At work I have a small network. 4 computers including a server.

My secretary is on vacation this week and I am the only one there.

While I wasn't on the net, I noticed the data light on the cable modem on the server flashing. (server is running nt4.0 with ZAP Pro and Wingate for inet access through cable modem)

I do a netstat on my puter. Everything is fine. I check my hub. Nothing on the network is transmitting over the network.

So I log on to server. (Nobody uses it and it is usually logged off so the only things that should be running are services)

I do a netstat -a and there are a couple of connection to Romania. Wingate is only showing a connection to my 'puter. Still no network activity.

info.....

server:nbsession (I assume netbui) 205.246.203.43:80
server:2385 varzarv2.kappa.ro:8080
server:3661 67dial105.xnet.ro:8080

and connections to

194.105.24.221:8080:8080/talk.htm
213.233.67.105:8080:8080/talk.htm

Actually I think the last 2 were showing in wingate.

A probe of my system at grc shows I am cool.

------------------------------------------------------------------

Thanks again, folks.