Security Incidents mailing list archives

RE: Suspicious file on Desktop

From: "Brenna Primrose" <rats () creighton edu>
Date: Mon, 10 Feb 2003 15:12:24 -0600

By chance do you run or have you ever run any webcam programs such as
TeVeo?  TeVeo creates a file called startup.log which looks similar.  I
have seen this file appear on my desktop from time to time: it also is
clear that the file is for the camera and IP logging purposes.  However,
this does not mean that older versions of this software do the same.

Here's an example of the logfile created when I turned my camera on and
viewed it from the same machine:

CONNECTION: [02/10/03 21:08 UTC] 127.0.0.1

Brenna


*********************************************************
http://gsa.creighton.edu/members/~drxlecter/brenna.htm 
http://profiles.yahoo.com/absolut_contagion   
AIM - absolutxpsycho           
ICQ - 1363187              
YIM - absolut_contagion    
MSN - r00t () creighton edu   
*********************************************************

-----Original Message-----
From: Patrick Fish [mailto:patrick () pwhsnet com]
Sent: Monday, February 10, 2003 4:12 AM
To: incidents () securityfocus com
Subject: Suspicious file on Desktop

Hi,

I've been trying to figure out why there is a "Startup.log" file on my
desktop. I've searched mail archives and google, but didn't find

anything

about this. The file contains:

(Last octet of IP removed)
CONNECTION: [01/26/03 21:50 UTC] 62.163.176.xx
CONNECTION: [01/26/03 21:56 UTC] 67.192.41.xxx
CONNECTION: [01/26/03 22:01 UTC] 67.192.41.xxx
CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
CONNECTION: [02/06/03 08:49 UTC] 80.194.40.xxx
CONNECTION: [02/06/03 09:06 UTC] 144.134.163.xx
CONNECTION: [02/06/03 09:11 UTC] 216.249.81.xx
CONNECTION: [02/06/03 09:46 UTC] 136.165.87.xxx
CONNECTION: [02/06/03 09:47 UTC] 211.28.63.xxx


After resolving a few of them, these are all people I know pretty well

on

IRC. I can't figure out what's causing this - I don't use a mIRC

script, I

don't have a firewall (XP firewall is disabled) -- I do have Norton

Pro. I'm using Windows XP Pro on Service Pack 1a, but the file was

created

before I installed SP1a

I've checked my process list, and there's nothing running that

shouldn't

be.

Has anything seen something similar or know what's causing this?


Thanks.


--
Patrick Fish



----------------------------------------------------------------------

----

--
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Suspicious file on Desktop Patrick Fish (Feb 10)
- RE: Suspicious file on Desktop Eric Greenberg (Feb 10)
- RE: Suspicious file on Desktop Michael LaSalvia (Feb 10)
- RE: Suspicious file on Desktop Brenna Primrose (Feb 10)
- <Possible follow-ups>
- Re: Suspicious file on Desktop PAUL_TAYLOR (Feb 10)