[28585] in North American Network Operators' Group
Re: tcp port 8311?
daemon@ATHENA.MIT.EDU (Dean Robb)
Tue May 9 00:30:59 2000
Message-Id: <3.0.6.32.20000506214014.007945b0@norfolk.infi.net>
Date: Sat, 06 May 2000 21:40:14 -0400
To: kim@vphos.net
From: Dean Robb <pceasy@norfolk.infi.net>
Cc: nanog@merit.edu
In-Reply-To: <391078B5.E0E0C9EA@telus.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
At 12:06 PM 5/3/00 -0700, K. Graham wrote:
>
>What is the name of the log file that is generated from this program?
>Where is the log file placed in the system? Did you check to see if
>there is any residual traces of the programs in the registry? If so
>where? Do you know the name(s) of the *.vbs you have encountered?
Only one gave me solidly useful clues:
All the traces were n.*...the * being various VisualBasic-related
extensions. The one that gave me useful info was n.log - it showed the modem
log and dialout times, etc., but not a list of what was transmitted. The
number the modem dialed was XXX'd out, and the transmission stats showed
the 10 megs. The end user confirmed that, although he was doing some VB6
programming for a class, it wasn't his script and that no one was home at
the time the dialout occurred.
Unfortunately, the system was unstable as hell and I was lucky to get this
data before it crashed completely; W98 wouldn't load at all because of
(suspected) corrupted files. What happened before it crashed completely (and
the reason the end user called me) was that upon W98 boot, a system error
would be displayed saying RPCSS.dll had caused a GP fault in OLE32, and then
a VB debug session would start and freeze.
The other encounter showed similar symptoms but left no clues that I could
find.
>Virus_Research@NAI.com, samples@f-secure.com, and support@sophos.com
>all are addresses where suspect files can be sent. They prefer them in
>a zip format before accepting them.
If I'd been able to get samples, I'd surely forward them. Bet these
clients keep their McAfee updated and running from now on :).
"Microsoft is not a monopoly!" - Bill Gates "HA!" - Judge Jackson
Dean Robb
Owner, PC-EASY
(757) 495-EASY [3279]
On-site computer services
Member, ICANN @Large