wscript.exe?... network.vbs?... Have I been hacked?

[Homer]

Two days ago the (previously very stable) box I have been using solely as a (dial-up, not DSL or cable) Internet gateway for my little home network became very flaky. Locking up, black screens, wouldn't shut down properly, and always connected. I could restart it OK so I started looking for problems. Scandisk OK, no corrupt system files. Then I noticed, when trying to 3-finger out of a lock-up that there was a new process running - wscript.exe - and started looking in system configuration, and there was a new start-up item - network.vbs. I killed these, and now everything is fine.
I was/am running BlackIce Defender & InoculateIt on this box, but I suspect an intruder. Other boxes on the network seem fine, no sign of these items, and PC-cillin has logged no problems.

What do you folks think?

 

[MadRat]

Did you run the UT crack?

 

[JonB]

Trojan attack. Most like came in with your e-mail, just like the I Love You (Love Bug). The "vbs" visual basic script uses wscript.exe to run. The actual network.vbs file is probably readable, since it is run-time interpreted script.

 

[Batti]

See below...

 

[Batti]

You should also scan your machine at Housecall Scanner

You have a trojan. See this link for details

 

[Homer]

Very interesting. Found the little ah heck on all three boxes, but resident and inactive on the two with limited shares on C:\. Only the gateway/server was affected. Neither PC-cillin nor InoculateIt identify this as a Trojan or worm or virus. If it came by email, it must have been through one of the others (quite possible).

Thanks.

edit: Correction. There is another *.vbs file on all three computers with the same name, located in C:\windows\samples. This does not appear to be the virus. The offensive network.vbs was located only on the internet gateway computer, and located both in C:\ and C:\windows\. This file is correctly identified by PC-cillin.