Hi, Some kind of spyware/adware installed by the user?? Maybe a legit application??
Check: http://63.246.134.50/index.php Would be nice with a sample, thy. Kind regards // Med venlig hilsen Peter Kruse Securityconsultant / Virusanalyst CSIS / Kruse Security ApS http://www.krusesecurity.dk - www.csis.dk > -----Oprindelig meddelelse----- > Fra: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] P� vegne af > Michael Linke > Sendt: 17. september 2003 21:06 > Til: [EMAIL PROTECTED] > Emne: [Full-Disclosure] AMDPatchB & InstallStub > > > At one of our Computers with Internet Access, I found a > strange program running. > amdpatchB.exe(38 KB) > > This program is trying to get Internet Access while starting. > amdpatchB.exe is connecting 63.246.134.50:9900. There is a > text based protocol running on 63.246.134.50 at a service on > port 9900. See Telnet output: > ________________________________________________________ > telnet 63.246.134.50 9900 > Trying 63.246.134.50... > Connected to 63.246.134.50. > Escape character is '^]'. > NOTICE AUTH :*** Looking up your hostname > NOTICE AUTH :*** Checking Ident > NOTICE AUTH :*** Found your hostname > help > :Drones2.newiso.org 451 * :Register first. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
