North American Network Operators Group

Re: tcp port 8311?

  • From: Dean Robb
  • Date: Tue May 09 00:31:42 2000

At 12:06 PM 5/3/00 -0700, K. Graham wrote:
>
>What is the name of the log file that is generated from this program?
>Where is the log file placed in the system?  Did you check to see if
>there are any residual traces of the programs in the registry? If so
>where?  Do you know the name(s) of the *.vbs you have encountered?

Only one gave me solidly useful clues:

All the traces were n.*...the * being various VisualBasic-related
extensions.  The one that gave me useful info was n.log - showed the modem
log and dialout times, etc, but not a list of what was transmitted.  The
number the modem dialed was XXX'd out; and the transmission stats showed
the 10megs.  The end user confirmed that, although he was doing some VB6
programming for a class, it wasn't his script and that no one was home at
the time the dialout occurred.

Unfortunately, the system was unstable as hell and I was lucky to get this
data before it crashed completely; W98 wouldn't load at all because of
(suspected) corrupted files. Before it crashed completely (and the reason
the end user called me) was that upon W98 boot, a system error would be
displayed saying RPCSS.dll had caused a GP fault in OLE32 and then a VB
debug session would start and freeze.

The other encounter showed similar symptoms but left no clues that I could
find.

>[email protected],  [email protected], and [email protected]
>all are addresses where suspect files can be sent.  They prefer them in
>a zip format before accepting them. 

If I'd been able to get samples, I'd surely forward them.  Bet these
clients keep their McAfee updated and running from now on :).



"Microsoft is not a monopoly!" - Bill Gates   "HA!" - Judge Jackson

Dean Robb
Owner, PC-EASY 
(757) 495-EASY [3279]
On-site computer services
Member, ICANN @Large