Trojan: Noptify.exe?
From: J Murphy (mujoh@att.net)
Date: 10/08/02
From: "J Murphy" <mujoh@att.net> Date: Tue, 08 Oct 2002 00:23:44 GMT
OS: Windows XP Home w/SP1
I have always run software firewalls and am currently running Sygate
Personal 5.1150 which I installed recently.
Yesterday I began getting prompted to let a program called "noptify.exe"
have access for outgoing data. Program description is Noptify MFC and
resides in one of my user's Local Settings/Temp folder. There are also 2
references in my Windows/Prefetch folder.
I ran a few searches on Symantec, Google. Ran NAV & Ad-aware both with
updated definitions. Nothing comes up.
I'm assuming this is a bogus program and can be dumped and the prefetch data
removed (is this as simple as removing references from folder?).
Thanks in advance...
Anyway, Sygate's details for this are:
File Version : 1, 0, 0, 1
File Description : Noptify MFC Application
File Path : C:\Documents and Settings\DAD\Local Settings\Temp\Noptify.exe
Process ID : B5C (Heximal) 2908 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 12.91.6.217
Local Port : 1093
Remote Name : tracker.jamestower.com
Remote Address : 198.12.18.57
Remote Port : 80 (HTTP - World Wide Web)
Ethernet packet details:
Ethernet II (Packet Length: 62)
Destination: 01-00-20-00-01-00
Source: 00-00-01-00-00-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x80c (Correct)
Source: 12.91.6.217
Destination: 198.12.18.57
Transmission Control Protocol (TCP)
Source port: 1093
Destination port: 80
Sequence number: 742263437
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0xe3a (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 01 00 20 00 01 00 00 00 : 01 00 00 00 08 00 45 00 | .. ...........E.
0010: 00 30 03 47 40 00 80 06 : 0C 08 0C 5B 06 D9 C6 0C | .0.G@......[....
0020: 12 39 04 45 00 50 2C 3E : 0A 8D 00 00 00 00 70 02 | .9.E.P,>......p.
0030: 22 38 3A 0E 00 00 02 04 : 05 B4 01 01 04 02 | "8:...........
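
Added example (not part of the original post and not Sygate's code): a Python sketch that decodes the frame from the binary dump above and recomputes the IP and TCP checksums, so the fields shown in the firewall log can be checked against the raw bytes. The function and variable names are illustrative assumptions.

```python
import struct
# Added example (names are illustrative). FRAME is the "Binary dump of the packet" above.
FRAME = bytes.fromhex("""
01 00 20 00 01 00 00 00 01 00 00 00 08 00 45 00
00 30 03 47 40 00 80 06 0C 08 0C 5B 06 D9 C6 0C
12 39 04 45 00 50 2C 3E 0A 8D 00 00 00 00 70 02
22 38 3A 0E 00 00 02 04 05 B4 01 01 04 02
""")
FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 upward

def checksum_ok(data: bytes) -> bool:  # RFC 1071: region incl. its checksum sums to 0xFFFF
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def tcp_options(raw: bytes) -> list:
    opts, i = [], 0
    while i < len(raw) and raw[i] != 0:           # kind 0 ends the option list
        kind = raw[i]
        length = 1 if kind == 1 else (raw[i + 1] if i + 1 < len(raw) else 0)
        if not (kind == 1 or 2 <= length <= len(raw) - i):
            break                                 # truncated or malformed option
        body = raw[i + 2:i + length]
        name = {1: "NOP", 2: "MSS", 4: "SACK-permitted"}.get(kind, kind)
        opts.append((name, int.from_bytes(body, "big")) if body else name)
        i += length
    return opts

def decode(frame: bytes) -> dict:
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("not an Ethernet II / IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    tcp = frame[14 + ihl:14 + int.from_bytes(ip[2:4], "big")]
    if ihl < 20 or ip[9] != 6 or len(tcp) < 20:
        raise ValueError("not a complete TCP segment")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    hdr = (off_flags >> 12) * 4                   # TCP header length in bytes
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return {
        "src": ".".join(map(str, ip[12:16])) + f":{sport}",
        "dst": ".".join(map(str, ip[16:20])) + f":{dport}",
        "seq": seq, "ack": ack, "payload_len": len(tcp) - hdr,
        "flags": [n for b, n in enumerate(FLAGS) if off_flags >> b & 1],
        "options": tcp_options(tcp[20:hdr]),
        "ip_checksum_ok": checksum_ok(ip), "tcp_checksum_ok": checksum_ok(pseudo + tcp),
    }
```

Calling decode(FRAME) reproduces the logged fields: a lone SYN from 12.91.6.217:1093 to 198.12.18.57:80 with no payload. Both checksums verify against the wire bytes 0C 08 and 3A 0E, which the log prints as 0x80c and 0xe3a.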