North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: tcp port 8311?
- From: Dean Robb
- Date: Tue May 09 00:31:42 2000
At 12:06 PM 5/3/00 -0700, K. Graham wrote:
>What is the name of the log file that is generated from this program?
>Where is the log file placed in the system? Did you check to see if
>there is any residual traces of the programs in the registry? If so
>where? Do you know the name(s) of the *.vbs you have encountered?
Only one gave me solidly useful clues:
All the traces were n.*...the * being various VisualBasic-related
extensions. The one that gave me useful info was n.log - showed the modem
log and dialout times, etc, but not a list of what was transmitted. The
number the modem dialed was XXX'd out; and the transmission stats showed
the 10megs. The end user confirmed that, although he was doing some VB6
programming for a class, it wasn't his script and that no one was home at
the time the dialout occured.
Unfortunately, the system was unstable as hell and I was lucky to get this
data before it crashed completely; W98 wouldn't load at all because of
(suspected) corrupted files. Before it crashed completely (and the reason
the end user called me) was that upon W98 boot, a system error would be
displayed saying RPCSS.dll had caused a GP fault in OLE32 and then a VB
debug session would start and freeze.
The other encounter showed similar symptoms but left no clues that I could
>Virus_Research@NAI.com, firstname.lastname@example.org, and email@example.com
>all are addresses where suspect files can be sent. They prefer them in
>a zip format before accepting them.
If I'd been able to get samples, I'd surely forward them. Bet these
clients keep their McAfee updated and running from now on :).
"Microsoft is not a monopoly!" - Bill Gates "HA!" - Judge Jackson
(757) 495-EASY 
On-site computer services
Member, ICANN @Large