Security Incidents mailing list archives
Re: Win 95 Question
From: RSMAGILL () A1 NLHC NF CA (Rick Magill)
Date: Wed, 23 Feb 2000 00:23:08 -0330
It sounds like it could possibly be a sub7 server trojan. Tell him to try to connect to austnet.... /server irc.austnet.org They do a pretty good job of detecting the various trojans etc and will kill him off with a message directing him to a page where he can find theinstructions to remedy it. Rick Subject: Win 95 Question Got a question from a friend that sounded familiar but I could not quite place it. He has a few win 95 boxes that try to connect to some IRC chat rooms when they boot. He can't seem to find the process that is doing this. I thought it sounded something like Ring Zero but not quite. Anyone else seen this? Eric --------------------------------------------------------------------- Eric Maiwald emaiwald () fred net So Many Hobbies, So little time --------------------------------------------------------------------- RFC-822-headers: Received: from nlhc.nf.ca (dun.nlhc.nf.ca) by OAS.NLHC.NF.CA (PMDF V5.1-8 #18316) with ESMTP id <01JM82SFVONW00048J () OAS NLHC NF CA> for RSMAGILL () A1 NLHC NF CA; Tue, 22 Feb 2000 22:18:26 NST Received: from lists.securityfocus.com () by dun.nlhc.nf.ca with ESMTP id <115201>; Tue, 22 Feb 2000 22:18:34 -0330 Received: from lists.securityfocus.com (lists.securityfocus.com ) by lists.securityfocus.com (Postfix) with ESMTP id A49511FC81; Tue, 22 Feb 2000 17:47:28 -0800 (PST) Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM (LISTSERV-TCP/IP release 1.8d) with spool id 4756987 for INCIDENTS () LISTS SECURITYFOCUS COM; Tue, 22 Feb 2000 17:47:25 -0800 Received: from securityfocus.com (securityfocus.com ) by lists.securityfocus.com (Postfix) with SMTP id 4917829A57 for <incidents () lists securityfocus com>; Mon, 21 Feb 2000 16:14:35 -0800 (PST) Received: (qmail 2271 invoked by alias); Tue, 22 Feb 2000 00:14:35 +0000 Received: (qmail 2260 invoked from network); Tue, 22 Feb 2000 00:14:34 +0000 Received: from post.xecu.net (216.127.136.211) by securityfocus.com with SMTP; Tue, 22 Feb 2000 00:14:34 +0000 Received: from shell.xecu.net (shell.xecu.net ) by post.xecu.net (Postfix) with ESMTP id 7867D4742 for <INCIDENTS () SECURITYFOCUS COM>; Mon, 21 Feb 2000 19:13:17 -0500 (EST) Received: from localhost (emaiwald@localhost) by shell.xecu.net (8.8.8+Sun/8.8.8) with ESMTP id TAA13931 for <INCIDENTS () SECURITYFOCUS COM>; Mon, 21 Feb 2000 19:14:15 -0500 (EST) X-Sender: emaiwald () shell xecu net X-To: INCIDENTS () SECURITYFOCUS COM Delivered-to: incidents () lists securityfocus com Delivered-to: INCIDENTS () SECURITYFOCUS COM Approved-By: aleph1 () SECURITYFOCUS COM X-Authentication-warning: shell.xecu.net: emaiwald owned process doing -bs
Current thread:
- Win 95 Question Eric Miawald (Feb 21)
- Re: Win 95 Question Rick Magill (Feb 22)
- Re: Win 95 Question Forman Robert (Feb 23)