Security Incidents mailing list archives

Re: Win 95 Question


From: RSMAGILL () A1 NLHC NF CA (Rick Magill)
Date: Wed, 23 Feb 2000 00:23:08 -0330


   It sounds like it could possibly be a sub7 server trojan. Tell him to try to
   connect to austnet.... /server irc.austnet.org  They do a pretty good job of
   detecting the various trojans etc and will kill him off with a message
   directing him to a page where he can find the instructions to remedy it.

   Rick

   Subject: Win 95 Question

  Got a question from a friend that sounded familiar but I could not
  quite place it.

  He has a few win 95 boxes that try to connect to some IRC chat rooms
  when they boot.  He can't seem to find the process that is doing this.
  I thought it sounded something like Ring Zero but not quite.  Anyone
  else seen this?

  Eric

  ---------------------------------------------------------------------
  Eric Maiwald                                        emaiwald () fred net
  So Many Hobbies, So little time
  ---------------------------------------------------------------------


