Newer versions of SubSeven, the popular Trojan Backdoor Virus, set up IRC based 'SubBots' to automate infection, distribution, scanning and enable DDOS to the user. This is most likely what you are seeing. Search your favorite Anti-virus site for SubSeven 2.1 and later.

Claymore the unprofound

-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTSat_private]On Behalf Of dmitriw@Home
Sent: Sunday, April 15, 2001 11:00 PM
To: INCIDENTSat_private
Subject: Fw: Help with a home computer problem.

> > Last night, I was downloading some Science Fiction and Astronomy graphics. To my surprise, a
> > window popped up saying, "unable to find eggdrop.conf file". I quickly
> > disconnected my machine from the net and discovered that an entire new
> > directory had been created. I deleted everything in that directory. Looking
> > up eggdrop on Google, I found out that it's probably a program that would
> > have allowed somebody to use my machine as a proxy for IRC conversations,
> > allowing that person to participate in IRC but with my IP address as an
> > anonymizing intermediary.
> >
> > The only file left after my deletions is the install log:
> > [04/13/01 19:20:10] SubEgg v3.0a (1.4.2) by Quake_WrZ
> > [04/13/01 19:20:10] Compiled 6/18/2000
> > [04/13/01 19:20:10] Registering extentions . . .
> > [04/13/01 19:20:10] WIN: C:\WINNT
> > [04/13/01 19:20:10] No command-line specified - using eggdrop as default
> > [04/13/01 19:20:11] Registering extentions . . .
> > [04/13/01 19:20:11] Installing files . . .
> > [04/13/01 19:20:12] Installing files . . .
> > [04/13/01 19:20:36] Installing basic TCLs . . .
> > [04/13/01 19:20:37] Installing basic TCLs . . .
> > [04/13/01 19:20:47] Creating Task Manager Object . . .
> > [04/13/01 19:20:47] Moving config file to eggdrop path . . .
> > [04/13/01 19:20:50] Creating Task Manager Object . . .
> > [04/13/01 19:20:50] Starting Loader . . .
> > [04/13/01 19:20:50] Moving config file to eggdrop path . . .
> > [04/13/01 19:21:20] Setup complete
> >
> > I've looked for references to eggdrop and SubEgg in the registry, and in
> > autoexec.bat and config.sys and all through the hard disk: nothing found. I
> > also checked for any files added or modified in the last 24 hours and deleted
> > one suspicious executable. There are also no environment variables set up
> > referencing eggdrop that I could identify. I can see no suspicious programs
> > running when I go into task manager.
> >
> > I'm concerned that my machine may be compromised somehow, but I need to be
> > online all day working from home. Is there anything else I can do to make sure
> > my machine is secure?
> >
> > Any help would be appreciated.
> > dmitriwat_private
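
Added example, not part of the original thread and not written by either poster: a triage helper that takes the installer run time from the quoted install log and lists every file on disk whose timestamps fall inside that window, rather than relying on a "last 24 hours" search. The function names, the five-minute slack and the `C:\` scan root are assumptions made for illustration.

```python
import os
import re
from datetime import datetime, timedelta

# Three lines copied from the install log quoted in the post (first, loader, last).
SAMPLE_LOG = """
> > [04/13/01 19:20:10] SubEgg v3.0a (1.4.2) by Quake_WrZ
> > [04/13/01 19:20:50] Starting Loader . . .
> > [04/13/01 19:21:20] Setup complete
"""

STAMP = re.compile(r"\[(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\]")


def install_window(log_text, slack=timedelta(minutes=5)):
    """Return (start, end) of the installer run, widened by `slack` (assumed value)."""
    stamps = [datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
              for m in STAMP.finditer(log_text)]
    if not stamps:
        raise ValueError("no timestamps found in log text")
    return min(stamps) - slack, max(stamps) + slack


def files_in_window(root, start, end):
    """List (path, timestamp) for files whose mtime or ctime lies in the window.

    Assumes the scan runs in the same time zone the log was written in.
    st_ctime is creation time on Windows and inode-change time on Unix.
    """
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                times = [datetime.fromtimestamp(t) for t in (st.st_mtime, st.st_ctime)]
            except (OSError, ValueError, OverflowError):
                continue  # locked, vanished or unreadable entry: keep scanning
            inside = [t for t in times if start <= t <= end]
            if inside:
                hits.append((path, min(inside)))
    return sorted(hits)


if __name__ == "__main__":
    window = install_window(SAMPLE_LOG)
    for path, when in files_in_window("C:\\", *window):  # scan root is an assumption
        print(when, path)
```

File timestamps can be reset by whatever wrote the files, so an empty result narrows the search but does not show the machine is clean.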