
I got infected with a backdoor trojan - interesting observation...

TuffGuy

Diamond Member
A couple of weeks ago I had to reformat my drive and I forgot to install NAV and ZoneAlarm. A few days ago my CuteFTP stopped working. So I installed ZoneAlarm and NAV today. The file C:\windows\system\winlogon.exe keeps trying to access the internet. Its destination address is 207.68.172.253:HTTP. Looking that up I get:

Whois information for 207.68.172.253


NETWORK: NETBLK-MSN-BLK [20480]
MSN (NETBLK-MSN-BLK)
One Redmond Way
Redmond, WA 98052
US

Netname: MSN-BLK
Netblock: 207.68.128.0 - 207.68.207.255
Maintainer: MSN

Coordinator:
Microsoft (ZM39-ARIN) noc@microsoft.com
425-936-4200

Domain System inverse mapping provided by:

DNS1.CP.MSFT.NET 207.46.138.20
DNS2.CP.MSFT.NET 207.46.138.21
DNS1.TK.MSFT.NET 207.46.232.37
DNS1.DC.MSFT.NET 207.68.128.151
DNS1.SJ.MSFT.NET 207.46.97.11

Record last updated on 20-Jun-2001.
Database last updated on 24-Feb-2002 19:56:16 EDT.

hmmm...
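The two facts in the post above are exactly what a practitioner would check mechanically: a file named winlogon.exe sitting in C:\windows\system rather than in %SystemRoot%\System32 (the only place the genuine NT/2000/XP winlogon.exe lives; Windows 9x/ME has no winlogon.exe at all), and an outbound connection whose destination falls inside the range on the whois "Netblock:" line. The Python below is an added example, not code from the thread or from any poster. The whois text is trimmed from the output quoted above, the connection records are constructed from the post (ZoneAlarm's "HTTP" taken as port 80), the C:\Tools\ftpclient.exe path is hypothetical, and the set of System32 binary names and the default system root are assumptions of the example.

```python
"""Added example (not from the thread): flag a process that borrows the name
of a Windows System32 binary but runs from another directory, and check an
outbound destination against the Netblock line of a whois reply."""
import ipaddress
import ntpath
import re

# Names of genuine NT-family binaries that live in %SystemRoot%\System32 and
# that malware commonly names itself after. The set is this example's
# assumption, not an exhaustive list.
SYSTEM32_BINARIES = {"winlogon.exe", "lsass.exe", "csrss.exe",
                     "services.exe", "svchost.exe"}

# The whois reply prints the range as "Netblock: a.b.c.d - w.x.y.z".
NETBLOCK_RE = re.compile(
    r"Netblock:\s*(\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(\d{1,3}(?:\.\d{1,3}){3})")


def is_masquerading(image_path, system_root=r"C:\WINDOWS"):
    """True if the file name is a System32 binary but the directory is not
    <system_root>\\System32. Comparison is case-insensitive, as on NTFS.
    system_root is a parameter because it is C:\\WINNT on Windows 2000."""
    directory, name = ntpath.split(image_path)
    if name.lower() not in SYSTEM32_BINARIES:
        return False
    expected = ntpath.join(system_root, "System32")
    return ntpath.normcase(directory) != ntpath.normcase(expected)


def parse_netblock(whois_text):
    """Return (first, last) IPv4Address of the Netblock line, or None."""
    match = NETBLOCK_RE.search(whois_text)
    if match is None:
        return None
    return (ipaddress.IPv4Address(match.group(1)),
            ipaddress.IPv4Address(match.group(2)))


def ip_in_netblock(ip, netblock):
    """True if ip lies inside the inclusive (first, last) range."""
    first, last = netblock
    return first <= ipaddress.IPv4Address(ip) <= last


def triage(connections, whois_text, system_root=r"C:\WINDOWS"):
    """Annotate (image_path, "host:port") records with what stands out.
    Returns a list of (image_path, destination, verdict) tuples."""
    netblock = parse_netblock(whois_text)
    findings = []
    for image_path, destination in connections:
        host, _, _port = destination.rpartition(":")
        notes = []
        if is_masquerading(image_path, system_root):
            notes.append("System32 binary name running outside System32")
        if netblock is not None and ip_in_netblock(host, netblock):
            notes.append("destination inside whois netblock %s-%s" % netblock)
        findings.append((image_path, destination,
                         "; ".join(notes) or "nothing unusual"))
    return findings


# Constructed sample input: the Netblock lines trimmed from the whois output
# quoted in the post, and three connection records. The first is the post's
# observation (ZoneAlarm's "HTTP" taken as port 80); the second is where a
# genuine XP winlogon.exe would be; the third is a hypothetical application.
WHOIS_SAMPLE = """Netname: MSN-BLK
Netblock: 207.68.128.0 - 207.68.207.255
Maintainer: MSN
"""

CONNECTIONS = [
    (r"C:\windows\system\winlogon.exe", "207.68.172.253:80"),
    (r"C:\WINDOWS\System32\winlogon.exe", "207.68.172.253:80"),
    (r"C:\Tools\ftpclient.exe", "192.0.2.10:21"),
]

if __name__ == "__main__":
    for image_path, destination, verdict in triage(CONNECTIONS, WHOIS_SAMPLE):
        print(f"{image_path} -> {destination}: {verdict}")
```

Two caveats worth keeping in mind when using a check like this: pass the right system root (a Windows 2000 box keeps its real winlogon.exe under C:\WINNT\System32, and the default C:\WINDOWS would flag it), and treat the path test as a heuristic that tells you which file to hand to the scanner, not as proof of infection on its own. The netblock membership test only tells you who the address is registered to; it says nothing about whether the traffic is legitimate.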
 


<< The interesting thing is that it's trying to contact Microsoft... >>



Yeah, that's strange. I think I'll go install my copy of ZoneAlarm, which I neglected to install when I formatted my HD a week and a half ago....
 
Are you running Windows XP? As far as I know the Active Registration System (you know, the thing that you use to "Activate" your copy of Windows XP) which is partially contained in winlogon.exe checks to make sure your registration is still valid by using the Internet.

Could that be what's trying to connect to Microsoft's servers? If so, then I would think it's acting normally.
 
You didn't mention what version of Windows you're using....but I have "heard" that with some versions of FreeWindows XP you have to replace the winlogon.exe with a cracked version.....

Is this XP - and is it trying to call home to do the lovely product activation??

(I've heard the above things, I still use Windows 3.1 - leave me alone.)
 
Whoops, sorry I echoed you there....I had my browser with this topic up for a while, should have refreshed before replying.
 
You sure that's Microsoft?

The address is wrong. It should be One Microsoft Way. And there are no sites up at MSFT.NET.

Could be some idiot pretending to be Microsoft.
 
Well, I'm using that free version of WinXP that doesn't require activation... 😉

Anyway, I just finished doing the scan/removal in safe mode. 70,000+ files take a while to process. 🙁 anyway, I found two viruses: backdoor.trojan and backdoor.bionet.318.

---

Take a week elsewhere to work some extra hours and buy yourself a legal copy of your OS <wink> <wink>.

AnandTech Moderator
 


<< Well, I'm using that free version of WinXP that doesn't require activation... 😉 >>


Well if you're using a warezed version of XP, I wouldn't doubt that it has virii installed with it.
 


<< i got infected with a backdoor trojan >>



Heheheheheh....sounds like a homosexual condom 🙂 What happened...did it break? 😉
 


<< Well, I'm using that free version of WinXP that doesn't require activation... >>

Hmm. That free version... wasn't aware that Microsoft had been marketing a free version.
 