MsTask Vulnerability..

[Varun Pitale <varun.pitale () gmail com>]

I have a couple of  Windows machines on my network, which seem to be
infected with the MsTask Vulnerability ( July 13th). I do a port scan
and find mstask.exe running on  different ports. How do I decide for
sure, if this machine is compromised without physically going to it?.


I am also listing a nmap output I did on  a machine. 

Interesting ports on 10.12.2.5:
(The 65527 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE      VERSION
113/tcp  open  auth?
135/tcp  open  msrpc        Microsoft Windows msrpc
139/tcp  open  netbios-ssn
427/tcp  open  svrloc?
445/tcp  open  microsoft-ds Microsoft Windows XP microsoft-ds
1026/tcp open  mstask       Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
2653/tcp open  mstask       Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
3017/tcp open  unknown



-- 
Regards, 
   Varun
   (704)-241-0092 --(Mobile)
   mailto: varun.pitale_(at)_gmail_(dot)_com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------