Well, 3128 is also the proxy port of Winroute. Besides that there is Sub7. This trojan lets someone control Your pc remote. They can do anything on your machine that You could also do. But Sub7 does nothing when not controlled So I asume your firewall takes care of that. Besides that, I can't understand why there should be a trojan That changes the proxy settings of a pc. Do you have a cache.mycompany.com? It could also be a bug In the auto-detect proxysettings of win98 Greetz, Sander -----Original Message----- From: David Bernick [mailto:bernzat_private] Sent: Friday, July 20, 2001 10:15 PM To: incidentsat_private Subject: ANOTHER possible Windows problem? At around 3pm EST all of the Windows 98 boxes at my company suddenly turned their proxy settings on (we don't use a proxy) and set their proxy server to: cache.mycompany.com (substitute mycompany with the name of mycompany) and port 3128. Now i know port 3128 is a Squid proxy port, so i guess that makes sense, but has anyone ever seen anything like this before? the few win2k boxes are fine, as are the linux boxes. Is there a trojan or something like that where the payload changes proxy settings? or is it something else entirely? thanks! dave ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jul 22 2001 - 13:03:20 PDT