Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: patriciaruth

I did a quick security search and found these:

FORENSIC LOG:

Infection Source: 76.160.255.111
Executables Delivered: ftpupd.exe, txyqlyt.exe
Listen Ports Opened: 1031, 1031, 891
Processes Created: MSMSGS.EXE, txyqlyt.exe
Registry Entries Modified or Created: HKEY_LOCAL_MACHINE@...Microsoft\Wireless

It’s the IP addresses of the computers that the bug is launching from. It looks like the bug is trying to exploit MS Messenger.

More...
“The Windows Messenger from Microsoft provides Online Chat and Instant Messaging.
If you don’t use Windows Messenger, you can disable it as follows: Start -> Programs -> Windows Messenger -> Tools -> Options -> Preferences. Uncheck “Run this program when Windows Starts”.

Note: The msmsgs.exe file is located in the folder C:\Program Files\Messenger. In other cases, msmsgs.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.”


2,066 posted on 10/23/2007 5:14:21 PM PDT by Old Sarge (This tagline in memory of FReeper 68-69TonkinGulfYachtClub)
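
The location check from the quoted note, as an added example that is not part of the original post: it lists every running msmsgs.exe, compares its folder with the one the note names, and shows which process owns the listen ports from the log. It assumes a Windows version with PowerShell and the NetTCPIP cmdlets (Windows 8 or later); the variable names are illustrative.

```powershell
# Added example (not from the thread). Folder and ports are taken from the post above.
$expectedDir = 'C:\Program Files\Messenger'   # location given in the quoted note
$logPorts    = 1031, 891                      # "Listen Ports Opened" in the log

# 1. Every running msmsgs.exe and where its image actually lives on disk.
Get-CimInstance Win32_Process -Filter "Name = 'msmsgs.exe'" | ForEach-Object {
    $path = $_.ExecutablePath
    if (-not $path) {
        # The path is hidden for processes the current user may not inspect.
        $verdict   = 'UNKNOWN (path not readable, rerun elevated)'
        $signature = $null
    } else {
        if ((Split-Path -Parent $path) -ieq $expectedDir) {
            $verdict = 'expected folder'
        } else {
            $verdict = 'SUSPICIOUS folder'
        }
        # A matching folder does not prove the file is genuine, so report the
        # Authenticode status as well.
        $signature = (Get-AuthenticodeSignature -FilePath $path).Status
    }
    [pscustomobject]@{
        ProcessId = $_.ProcessId
        ParentPid = $_.ParentProcessId
        Path      = $path
        Verdict   = $verdict
        Signature = $signature
    }
} | Format-Table -AutoSize

# 2. Which process, if any, is listening on the ports named in the log.
Get-NetTCPConnection -State Listen -LocalPort $logPorts -ErrorAction SilentlyContinue |
    ForEach-Object {
        $owner = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalPort = $_.LocalPort
            OwnerPid  = $_.OwningProcess
            OwnerName = $owner.ProcessName
            OwnerPath = $owner.Path
        }
    } | Format-Table -AutoSize
```

No rows from the first table means no msmsgs.exe is running; no rows from the second means nothing is listening on those ports at the moment.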


To: Old Sarge

Thanks, Sarge!

I disabled Windows Messenger as you suggested. I don’t ever use it anyway.

My antiviral program identified the computer numbers. Is there any way those numbers can be used to track the source of the attack?


2,069 posted on 10/23/2007 10:54:04 PM PDT by patriciaruth (http://www.freerepublic.com/focus/f-news/1562436/posts)



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson