Hosting Provided By

Re: Suspicious file on Desktop

From: <PAUL_TAYLOR(at)qvc.com>
Date: Mon Feb 10 2003 - 12:11:54 EST

Have you made any DCC connections with those people at those times? That's what it looks like.

Paul

                                                                                                                                 
                      Patrick Fish                                                                                               
                                           cc:       (bcc: PAUL TAYLOR/QVC)                                                  
                      Ext: NA                  Subject:  Suspicious file on Desktop                                              
                                                                                                                                 
                      02/10/2003 05:12                                                                                           
                      AM

Hi,

I've been trying to figure out why there is a "Startup.log" file on my desktop. I've searched mail archives and google, but didn't find anything about this. The file contains:

(Last octet of IP removed)

CONNECTION: [01/26/03 21:50 UTC] 62.163.176.xx
CONNECTION: [01/26/03 21:56 UTC] 67.192.41.xxx
CONNECTION: [01/26/03 22:01 UTC] 67.192.41.xxx
CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
CONNECTION: [02/06/03 08:49 UTC] 80.194.40.xxx
CONNECTION: [02/06/03 09:06 UTC] 144.134.163.xx
CONNECTION: [02/06/03 09:11 UTC] 216.249.81.xx
CONNECTION: [02/06/03 09:46 UTC] 136.165.87.xxx
CONNECTION: [02/06/03 09:47 UTC] 211.28.63.xxx
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek

After resolving a few of them, these are all people I know pretty well on IRC. I can't figure out what's causing this - I don't use a mIRC script, I don't have a firewall (XP firewall is disabled) -- I do have Norton 2003 Pro. I'm using Windows XP Pro on Service Pack 1a, but the file was created before I installed SP1a

I've checked my process list, and there's nothing running that shouldn't be.

Do you need more help?

Has anything seen something similar or know what's causing this?

Thanks.

--
Patrick Fish

----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: 
http://aris.securityfocus.com
----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Mon Feb 10 15:13:50 2003

This message: [ Message body ]
Next message: Logan F.D. Greenlee: "RE: Increased Kuang2 activity"
Previous message: davec(at)skooter.net: "RE: Increased Kuang2 activity"
Maybe in reply to: Patrick Fish: "Suspicious file on Desktop"
Reply: Brenna Primrose: "RE: Suspicious file on Desktop"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT