Ok here is link to a rar of the suspected files: http://www.ethicsdesign.com/HackLog.rar As some of you said, it looks like there is not a rootkit installed, and it looks like this was an attempt at making this box join a botnet. A kindly IRCOp has offered to both decompile the bot dll, and to remove the offending channel (#thallia), so that is taken care of. Anyway, I did manage to convince my clients that this was serious enough to warant a wipe of the data on the machine. I am waiting to see what your analysis of these files are. Thank You, Nick Jacobsen nickat_private ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 16:49:26 PST