What is http://60-234-129-186.bitstream.orcon.net.nz/

[radioouman]

I have AVG installed on a Windows XP machine that I use as a server. I do not have email set up on this machine, however, every couple minutes the AVG scanner becomes active and it scans an email either going to or coming from http://60-234-129-186.bitstream.orcon.net.nz/.

Does anyone know what this is? I don't see any unusual processes running.

 

[imported_LoKe]

Text

 

[radioouman]

Kaspersky, AVG, BHODemon, and Spybot haven't found anything. I don't know what this could be.

 

[imported_LoKe]

Have you run HiJackThis?

 

[mechBgon]

My next suggestions:

1) run F-Secure's BlackLight beta to see if it happens to find a rootkit: http://www.f-secure.com/blacklight This is a small fast download and scans very quickly.

2) if you use the Kaspersky online scanner, make sure to go to the options section and use Extended Databases.

3) try the manual McAfee scanner/cleaner I wrote up in this text file. Run it in Safe Mode With Command Prompt as directed, then reboot and look at the C:\report.html file it generated.



The most likely explaination coming to mind is that your system has a keystroke logger that emails screenshots or logs of your keystrokes periodically.

1) Do you have a router and/or some firewall software on that system?

2) Is it fully patched-up, with Auto Update enabled?

3) Does it happen to have a desktop search engine such as Google Desktop installed?

 

[radioouman]

I did find some strange executables in the Windows folder. I removed them, and the registry key that was starting them. Strange how no other software caught them.

Anyway, I am running Bitlord, and it only does this while Bitlord is running.

Yes it is a fully patched system with auto-update enabled.
Yes I have a router and I allow only the ports needed to go to this server.
However, I do not have a firewall enabled other than what I get from the router with NAT.

No desktop search engines are installed.

 

[mechBgon]

I'd do steps 1, 2 & 3 that I listed above.