> > Last night, I was downloading some Science Fiction and Astronomy graphics. To my surprise, a > > window popped up saying, "unable to find eggdrop.conf file". I quickly > > disconnected my machine from the net and discovered that an entire new > > directory had been created. I deleted everything in that directory. Looking > > up eggdrop on Google, I found out that it's probably a program that would > > have allowed somebody to use my machine as a proxy for IRC conversations, > > allowing that person to participate in IRC but with my IP address as an > > anonymizing intermediary. > > > > The only file left after my deletions is the install log: > > [04/13/01 19:20:10] SubEgg v3.0a (1.4.2) by Quake_WrZ > > [04/13/01 19:20:10] Compiled 6/18/2000 > > [04/13/01 19:20:10] Registering extentions . . . > > [04/13/01 19:20:10] WIN: C:\WINNT > > [04/13/01 19:20:10] No command-line specified - using eggdrop as default > > [04/13/01 19:20:11] Registering extentions . . . > > [04/13/01 19:20:11] Installing files . . . > > [04/13/01 19:20:12] Installing files . . . > > [04/13/01 19:20:36] Installing basic TCLs . . . > > [04/13/01 19:20:37] Installing basic TCLs . . . > > [04/13/01 19:20:47] Creating Task Manager Object . . . > > [04/13/01 19:20:47] Moving config file to eggdrop path . . . > > [04/13/01 19:20:50] Creating Task Manager Object . . . > > [04/13/01 19:20:50] Starting Loader . . . > > [04/13/01 19:20:50] Moving config file to eggdrop path . . . > > [04/13/01 19:21:20] Setup complete > > > > I've looked for references to eggdrop and SubEgg in the registry, and in > > autoexec.bat and config.sys and all through the hard disk: nothing found. I > > also checked for any files added or modified in the last 24 hours and deleted > > one suspicious executable. There are also no environment variables set up > > referencing eggdrop that I could identify. I can see no suspicious programs > > running when I go into task manager. > > > > I'm concerned that my machine may be compromised somehow, but I need to be > > online all day working from home. Is there anything else I can do to make sure >> my machine is secure? > > > > Any help would be appreciated. > > dmitriwat_private
This archive was generated by hypermail 2b30 : Mon Apr 16 2001 - 08:14:31 PDT