Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: tcp port 8311?

  • From: Dean Robb
  • Date: Tue May 09 00:31:42 2000

At 12:06 PM 5/3/00 -0700, K. Graham wrote:
>
>What is the name of the log file that is generated from this program?
>Where is the log file placed in the system?  Did you check to see if
>there is any residual traces of the programs in the registry? If so
>where?  Do you know the name(s) of the *.vbs you have encountered?

Only one gave me solidly useful clues:

All the traces were n.*...the * being various VisualBasic-related
extensions.  The one that gave me useful info was n.log - showed the modem
log and dialout times, etc, but not a list of what was transmitted.  The
number the modem dialed was XXX'd out; and the transmission stats showed
the 10megs.  The end user confirmed that, although he was doing some VB6
programming for a class, it wasn't his script and that no one was home at
the time the dialout occured.

Unfortunately, the system was unstable as hell and I was lucky to get this
data before it crashed completely; W98 wouldn't load at all because of
(suspected) corrupted files. Before it crashed completely (and the reason
the end user called me) was that upon W98 boot, a system error would be
displayed saying RPCSS.dll had caused a GP fault in OLE32 and then a VB
debug session would start and freeze.

The other encounter showed similar symptoms but left no clues that I could
find.

>Virus_Research@NAI.com,  samples@f-secure.com, and support@sophos.com
>all are addresses where suspect files can be sent.  They prefer them in
>a zip format before accepting them. 

If I'd been able to get samples, I'd surely forward them.  Bet these
clients keep their McAfee updated and running from now on :).



"Microsoft is not a monopoly!" - Bill Gates   "HA!" - Judge Jackson

Dean Robb
Owner, PC-EASY 
(757) 495-EASY [3279]
On-site computer services
Member, ICANN @Large





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.