Teching to suck eggs but.....
1) Assuming a firewall between the infected boxes and the outside world, log outgoing stuff
2) Shut down all legitimate services
3) Phone your missus - tell her you will see her at the weekend
4) Look at the logs to see what is trying to connect to what
5) Google for those ports etc
6) Make the rest up as you go along
David
|