Re: Strange files on C:\

["Gautam R. Singh" <gautam.singh () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Di,

It coulbe some legit files that your programs u installed might be
generating.  Just to be safe try to scan with Kaspersky, a few week
back I was infected by a trojan both norton and mcafee refused to
check it. After downloading Kaspersky i was able to identify it and
remove it from my system. It used to open IRC port lcuky that i had a
firewall.

Gautam

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQMlODGVQPLdR/o56EQKQlQCg7PpEzUJL5/aqTI6lIlsqrQ1CvA8AnRXb
MWCBo/ZxrNXzjn459ahH6K9H
=Tuhm
-----END PGP SIGNATURE-----

- Show quoted text -


On Wed, 9 Jun 2004 21:12:27 -0700, Di Fresco Marco <superdif () infinito it> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
> I hope this is the right list for this kind of problem; in case this
> is not, please forgive me and suggest me the right ML. :-)
>
> In the last few days I noticed the following strange files in C:\
> (from the date and time they seem to be created regularly, like daily
> or more often):
> 06/09/2004 05:58 PM     0 tas
> 06/09/2004 05:58 PM     0 tas.1
> 06/09/2004 07:22 PM     0 tis
> 06/09/2004 07:22 PM     0 tis.1
> 06/09/2004 03:03 PM     0 tj8
> 06/09/2004 03:03 PM     0 tj8.1
>
> I have done some search in Google, but I didn't found anything
> relevant.
>
> My daily (nightly actually) scan with McAfee 7 Pro. fully patched and
> updated didn't complained about anything (actually I still have to
> see the scan with the very last virus definition released today); I
> also tried the web "FreeScan" (from McAfee) just in case it is even
> more updated than my installed version, but still nothing.
>
> I tried to scan with both AdAware and SpyBot fully updated, but
> nothing (some cookies until yesterday and even nothing today).
>
> I tried Hijack This, but I do not see anything suspicious (I didn't
> post the log to their forum as it was suggested because all the
> elements reported seem familiar to me - eventually I can post it here
> if you are interested on it).
>
> Both Windows Task Manager and Process Explorer (SysInternals) don't
> show anything unusual (I can post the Process Explorer list if you
> want).
>
> Do you have any idea from where these files came from? Is there any
> other tool/procedure I can try to identify them?
>
> Thank in advance.
>
> Di Fresco Marco
> http://home.comcast.net/~superdif/
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQIVAwUBQMfew2FI2e+I8s0+AQKOUQ/+LvNayfJij66KJxZxP8XkgQdsirYWj8HY
> ByBbnWqbhsWSFlwpimTpQEsCkUtbSxv0BxnUyRLVe8voyO28n3qihoLesghOFlNA
> mN7oqalK5cah+1JLH6FMBllrqXcoV/os7bK7vKEriytm+Ff/KAaJyIF5jGsTVGF4
> 56UyXDj/RbrDSRnq3MeFPsRhMIVzzjsp10lDNaCeV9VAxcivTyMXFWdIiPo5dJ3A
> e5jydGc38eZ51LNs+j41jFCOHE8RT79i6qRb5VmtgMH+QPFNPiJWM84PORws3UA/
> 8IyHg9nI1Jz4hrjE1ac9+hsX9xbDCy8/jBJy5KtUOOylWfR55iha7iX0DAlZATyV
> MywRPf1qhH39ibgck0Caz5yjU5x93ZcxxQ6MwBF8iow8sm35hjLrIonDA+Y5B/QB
> ebGJCLY1AjtnPAGiz3Cp5apgCEVTQUyYRQt1de+IFuEeHpviIHShcIpNmERg2Pih
> 2OSQy7WaskRLDg3eZw/ksgaIzagIBP4TiupQCjz7Stmix20vtSGmPQxUreUJ1qVe
> PuK0YwjD9nfFR/KPIgbR6ltpKA2BI9ElzFFKAnUo9m9g3qB15xhrvLz+/kh4PccQ
> 3BPDfOqAG9R5firPkcQi9UmugWb0sfhtjjtu81CghLBgllCLKudv+r60o2btieC9
> zoAtfm3uVms=
> =C9hu
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------



--
Gautam R. Singh
PGP Key: http://gautam.techwhack.com/key/

NOTE: The information contained in this message is confidential and
intended only for the use of the individual or entity identified. If
the reader of this message is not the intended recipient, any
dissemination, distribution or copying of the information in this
message is strictly prohibited. If you have received this message by
error, please notify the sender immediately.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------