I did a quick security search and found these:
FORENSIC LOG:
Infection Source:
76.160.255.111
Executables Delivered:
ftpupd.exe
txyqlyt.exe
Listen Ports Opened:
1031
1031
891
Processes Created:
MSMSGS.EXE
txyqlyt.exe
Registry Entries Modified or Created:
HKEY_LOCAL_MACHINE@...Microsoft\Wireless
It’s the IP addresses of the computers that the bug is launching from. It looks like the bug is trying to exploit MS Messenger.
More...
“The Windows Messenger from Microsoft provides Online Chat and Instant Messaging.
If you don’t use Windows Messenger, you can disable it as follows: Start -> Programs -> Windows Messenger -> Tools -> Options -> Preferences. Uncheck “Run this program when Windows Starts”.
Note: The msmsgs.exe file is located in the folder C:\Program Files\Messenger. In other cases, msmsgs.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.”
Thanks, Sarge!
I disabled Windows Messenger as you suggested. I don’t ever use it anyway.
My antiviral program identified the computer numbers. Is there anyway those numbers can be used to track the source of the attack?