RE: Suspicious file on Desktop

From: Brenna Primrose (ratsat_private)
Date: Mon Feb 10 2003 - 13:12:24 PST

Next message: Eric Greenberg: "Correction: www.ethereal.com not www.ethereal.org RE: Suspicious file on Desktop"

Previous message: James C Slora Jr: "RE: Increased Kuang2 activity"
In reply to: Patrick Fish: "Suspicious file on Desktop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

By chance do you run or have you ever run any webcam programs such as
TeVeo?  TeVeo creates a file called startup.log which looks similar.  I
have seen this file appear on my desktop from time to time: it also is
clear that the file is for the camera and IP logging purposes.  However,
this does not mean that older versions of this software do the same.

Here's an example of the logfile created when I turned my camera on and
viewed it from the same machine:

CONNECTION: [02/10/03 21:08 UTC] 127.0.0.1

Brenna


*********************************************************
http://gsa.creighton.edu/members/~drxlecter/brenna.htm 
http://profiles.yahoo.com/absolut_contagion   
AIM - absolutxpsycho           
ICQ - 1363187              
YIM - absolut_contagion    
MSN - r00tat_private   
*********************************************************

>>-----Original Message-----
>>From: Patrick Fish [mailto:patrickat_private]
>>Sent: Monday, February 10, 2003 4:12 AM
>>To: incidentsat_private
>>Subject: Suspicious file on Desktop
>>
>>Hi,
>>
>>I've been trying to figure out why there is a "Startup.log" file on my
>>desktop. I've searched mail archives and google, but didn't find
anything
>>about this. The file contains:
>>
>>(Last octet of IP removed)
>>CONNECTION: [01/26/03 21:50 UTC] 62.163.176.xx
>>CONNECTION: [01/26/03 21:56 UTC] 67.192.41.xxx
>>CONNECTION: [01/26/03 22:01 UTC] 67.192.41.xxx
>>CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
>>CONNECTION: [02/06/03 08:46 UTC] 65.65.81.xxx
>>CONNECTION: [02/06/03 08:49 UTC] 80.194.40.xxx
>>CONNECTION: [02/06/03 09:06 UTC] 144.134.163.xx
>>CONNECTION: [02/06/03 09:11 UTC] 216.249.81.xx
>>CONNECTION: [02/06/03 09:46 UTC] 136.165.87.xxx
>>CONNECTION: [02/06/03 09:47 UTC] 211.28.63.xxx
>>
>>
>>After resolving a few of them, these are all people I know pretty well
on
>>IRC. I can't figure out what's causing this - I don't use a mIRC
script, I
>>don't have a firewall (XP firewall is disabled) -- I do have Norton
2003
>>Pro. I'm using Windows XP Pro on Service Pack 1a, but the file was
created
>>before I installed SP1a
>>
>>I've checked my process list, and there's nothing running that
shouldn't
>>be.
>>
>>Has anything seen something similar or know what's causing this?
>>
>>
>>Thanks.
>>
>>
>>--
>>Patrick Fish
>>
>>
>>
>>----------------------------------------------------------------------
----
>>--
>>This list is provided by the SecurityFocus ARIS analyzer service.
>>For more information on this free incident handling, management
>>and tracking system please see: http://aris.securityfocus.com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Eric Greenberg: "Correction: www.ethereal.com not www.ethereal.org RE: Suspicious file on Desktop"
Previous message: James C Slora Jr: "RE: Increased Kuang2 activity"
In reply to: Patrick Fish: "Suspicious file on Desktop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 15:56:14 PST