Have you made any DCC connections with those people at those times? That's
what it looks like.
Paul
Patrick Fish
<patrick@pwhsnet. To: incidentsat_private
com> cc: (bcc: PAUL TAYLOR/QVC)
Ext: NA Subject: Suspicious file on Desktop
02/10/2003 05:12
AM
Hi,
I've been trying to figure out why there is a "Startup.log" file on my
desktop. I've searched mail archives and google, but didn't find anything
about this. The file contains:
(Last octet of IP removed)
CONNECTION: [01/26/03 21:50 UTC] 62.163.176.xx
CONNECTION: [01/26/03 21:56 UTC] 67.192.41.xxx
CONNECTION: [01/26/03 22:01 UTC] 67.192.41.xxx
CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
CONNECTION: [02/06/03 08:49 UTC] 80.194.40.xxx
CONNECTION: [02/06/03 09:06 UTC] 144.134.163.xx
CONNECTION: [02/06/03 09:11 UTC] 216.249.81.xx
CONNECTION: [02/06/03 09:46 UTC] 136.165.87.xxx
CONNECTION: [02/06/03 09:47 UTC] 211.28.63.xxx
After resolving a few of them, these are all people I know pretty well on
IRC. I can't figure out what's causing this - I don't use a mIRC script, I
don't have a firewall (XP firewall is disabled) -- I do have Norton 2003
Pro. I'm using Windows XP Pro on Service Pack 1a, but the file was created
before I installed SP1a
I've checked my process list, and there's nothing running that shouldn't
be.
Has anything seen something similar or know what's causing this?
Thanks.
--
Patrick Fish
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 12:03:08 PST