Re: what is the best procedure to track down a potentially new virus/worm/etc?

1. At a command prompt, type Netstat âano > netstat.txt, and then
press ENTER. This command creates the Netstat.txt file. This file
lists all the listening ports.
2. At the command prompt, type Tasklist > tasklist.txt, and then press
ENTER. If the program in question runs as a service, type Tasklist
/svc > tasklist.txt instead of Tasklist > tasklist.txt so that the
services that are loaded in each process are listed.
3. Open the Tasklist.txt file, and then locate the program that you
are troubleshooting. Write down the Process Identifier for the
process, and then open the Netstat.txt file. Note any entries that are
associated with that Process Identifier and the protocol that is used.

> From http://support.microsoft.com/default.aspx?kbid=875357#10


Or you can try you hand at logging the IPNAT driver.
netsh ras set tracing ipnat enable
OR
netsh ras set tracing * enable

Check up the log after the session at:
%SystemRoot%\tracing

It has detailed description with path and filenames.

On Wed, 15 Dec 2004 11:31:18 +0800, xxp <xxp@beelink.com> wrote:
> hi,
>
>
> > It can't hurt, the ISP may or may not act on your information, but it is
> > worth a shot. It would greatly help your case if you sent them copies of
> > your logs containing the pertinent information..
>
> Most of ISPs could not log the informations of connections considered safety,
> maybe you can inform them your IP infos and ask them to record datas between 
> you
> and suspicous site.
>
> regards,
> jinjian