-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Searching on other groups also there were a couple of other occurrences all
recently too. I think it might be a version of Download.Ject seeing as how
someone mentioned dragging the scrollbar placed that file on the local
system. Is it under windows/system32?
On Sunday 05 September 2004 03:40 pm, Jes wrote:
Hey list,
Rebooted my XP-box today to do a chkdsk. When it came back up my firewall
went beserk, warning me about an application called "svcnxp32.exe" trying
to connect to 82.36.152.102
I don't know what it is - I just know it has no business doing that. A
Google search for svcnxp32.exe came up blank.
After removing svcnxp32.exe from my registry and deleting the file from
C:\Windows\System32 I scanned my system with Kaspersky. No infection.
Scanned with AdAware, same result.
A RIPE WhoIs lookup on IP 82.36.152.102 shows it as belonging to
Blueyonder, apparently an Internet provider located in England. I've
emailed their abuse-department (not holding my breath though), but would
like to hear from you all if you've run into this or something similar?
Using Tiny Personal Firewall, my log showed this:
Count:1
Module:Firewall
Action:Prevented
Application:svcnxp32.exe
Access:Outbound TCP access
Object:1027 -> 82.36.152.102
(82-36-152-102.cable.ubr04.perr.blueyonder.co.uk):6667 (ircu)
Interface:[9] Intel(R) PRO/100 VE Network Connection
Time:05-September-2004 23:46:40
Regards,
Jes
- --
- -Calvin Maready
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iQEVAwUBQT4QG1vjNZV1G9miAQIv8QgAgVrx967fUw/JPMrRyVKJhy9vvGpQpOzh
JCd1N/Odj0UtDMhTEG83Tv2zJxS4384AI2MctRWD+DkXdXyG1S+Us/PI2lJqCdr7
A3mIC2BPqT/G4TipolU1HGrA5gwXrm/ZtWRRyvqmGZM1QJ2h1fnDM2j25FSEydJ+
XLPCvK6MxJ7Rq8uJpZYVH2keZcyj4aHm+m2tmSMJH+YId01O+J5LzPyZfoZSIseb
6Y6JODyDi44JGEg49KhQpw9z+5soPa6f9gQrs4aFfJ72TbZValKUMi64aZvyRt+n
Eq55QphyOq3jSvzLp7sedItGDupUYMvmLJscU8lhMJcpHVrDzX5SGQ==
=2+eQ
-----END PGP SIGNATURE-----
