Hosting Provided By

030 igetnet ignkeywords

From: Waitman C. Gobble <waitman(at)emkdesign.com>
Date: Sun Nov 10 2002 - 22:02:17 EST

Hello

I have found more information regarding my original 030.com post.

The machine that is infected is running Windows XP Professional with all service packs and hotfixes.

Additionally, it is running Norton Antivirus 2003 with the latest database, and the machine checks clean.

There is a file running on boot:

C:\WINDOWS\WinStart.exe (the date of this file is November 11, 2002)

The file properties indicate that it originates from IGetNet, LLC. The whois information shows that this is the owner of ignkeywords.com

Also, this file exists: C:\WINDOWS\prefetch\WINSTART.EXE-2C11637C.pf.

Do you need help?

It's date and time reflect the last time the machine was booted. Please note that I am not sure what this file is, but it seems to relate.

The machine now seems to go to ignkeywords.com, however sometimes it goes to 030.com, which is what we originally observed.

The WinStart file is labelled as a "Browser Upgrade" in the file properties thingy.

Thanks and Best

Waitman Gobble
EMK Design
Buena Park, California
+1.7145222528

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Nov 11 16:32:22 2002

This message: [ Message body ]
Next message: Lupe Christoph: "Port 5552?"
Previous message: Nick FitzGerald: "Re: 030.com"
Next in thread: Nick FitzGerald: "Re: 030 igetnet ignkeywords"
Reply: Nick FitzGerald: "Re: 030 igetnet ignkeywords"
Reply: J. Foobar: "Re: 030 igetnet ignkeywords"
Reply: Waitman C. Gobble: "Re: 030 igetnet ignkeywords"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:50 EDT