Virus - SMB Port Scanning (Wannacry?)

Virus / Security Risk

The following IPs have been port scanning SMB (TCP/445) (this is windows file share port) and may well be infected by malware or viruses. Can the owners please check software they may have installed recently and run a scan for viruses.

They’ve been logged on @dizzle 's firewall trying to log into 445 (which is SMB or Windows file share port). It’s a known symptom of the WannaCry virus or similar. Some wuggers (from PTAWUG) have also noted the attacks on their anti-virus:

Thanks @dizzle for tracking down the issue. Thanks for PTAWUGgers reporting it to us also.

Scanning IPs

These will be automatically blackholed:

1 Like

Added two more IPs to the list above.

List of host names below,

From Kfn: - @shaggydogza - @redrbk also redbrk - @Coms - @Blinkfs

1 Like

Also infected

Stiaan wats dit, gee bietjie clarity asb

Refer na 1ste post in thread, devices op daai IP’s van jou is baie moontlik infected

Hi is dit d pcs of rbs

PC’s is die likely een vir hierdie geval

I’ve informed snot and Arno

Ok stiaan sal kyk vanaand

@dizzle has run a scan on one of these and it was heavily infected with multiple malwares. It was also not patched. Keep your systems up to date even if only on the wug. There are wsus servers on the wug also.

Or switch to Linux.

@spin, what you mean patched

According to Zerocool IP: he scanned and deleted his virus. Can anyone please just if he did it successfully.

did a scan all well my side

What do you mean complete? @Wolf

Patching the operating system for vulnerabilities. Patches are released by OS maintainers. Basically windows updates

1 Like

@dizzle Post have been updated

1 Like

let me know if there is anything else .coms and dizzle

spin i did what you asked from me . i would appreciate it if you bring me back online thank you