Security Incidents mailing list archives
Re: Suspicious file on Desktop
From: PAUL_TAYLOR () qvc com
Date: Mon, 10 Feb 2003 12:11:54 -0500
Have you made any DCC connections with those people at those times? That's what it looks like. Paul Patrick Fish <patrick@pwhsnet. To: incidents () securityfocus com com> cc: (bcc: PAUL TAYLOR/QVC) Ext: NA Subject: Suspicious file on Desktop 02/10/2003 05:12 AM Hi, I've been trying to figure out why there is a "Startup.log" file on my desktop. I've searched mail archives and google, but didn't find anything about this. The file contains: (Last octet of IP removed) CONNECTION: [01/26/03 21:50 UTC] 62.163.176.xx CONNECTION: [01/26/03 21:56 UTC] 67.192.41.xxx CONNECTION: [01/26/03 22:01 UTC] 67.192.41.xxx CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx CONNECTION: [02/06/03 08:49 UTC] 80.194.40.xxx CONNECTION: [02/06/03 09:06 UTC] 144.134.163.xx CONNECTION: [02/06/03 09:11 UTC] 216.249.81.xx CONNECTION: [02/06/03 09:46 UTC] 136.165.87.xxx CONNECTION: [02/06/03 09:47 UTC] 211.28.63.xxx After resolving a few of them, these are all people I know pretty well on IRC. I can't figure out what's causing this - I don't use a mIRC script, I don't have a firewall (XP firewall is disabled) -- I do have Norton 2003 Pro. I'm using Windows XP Pro on Service Pack 1a, but the file was created before I installed SP1a I've checked my process list, and there's nothing running that shouldn't be. Has anything seen something similar or know what's causing this? Thanks. -- Patrick Fish ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Suspicious file on Desktop Patrick Fish (Feb 10)
- RE: Suspicious file on Desktop Eric Greenberg (Feb 10)
- RE: Suspicious file on Desktop Michael LaSalvia (Feb 10)
- RE: Suspicious file on Desktop Brenna Primrose (Feb 10)
- <Possible follow-ups>
- Re: Suspicious file on Desktop PAUL_TAYLOR (Feb 10)