Re: [HELP] "4HTCLVT.EXE" is trying to connect to IP:69.20.61.166 ... what's it?

phn_at_icke-reklam.ipsec.nu
Date: 04/12/04


Date: Mon, 12 Apr 2004 11:40:28 +0000 (UTC)

Francesco <odiolaspam@tin.it> wrote:
> Hi,
> every time I connect my computer to the internet, my firewall alerts me that
> the program "4HTCLVT.EXE" is trying to connect to IP:69.20.61.166
> The directory is
> C:\WINDOWS\Downloaded Program Files\g7kg\
> only visible from DOS, inside this there's the file
> 4HTCLV EXE 49.152 13/05/02 15.45 4htclv.exe
> a log file with the same name contains

The IP is within "rackspace.com", a well-known spammers' outfit. File
a complaint to "abuse@rackspace.com" and see if anything happens.

Try to save the session once (Ethereal, a sniffer or similar software), then
save a copy of the program and its associated files, and remove or
rename them.

Ask a wintendo-fluent person to examine the registry and remove stuff
that seems related (this is one of the really, really weak points in
the MS "security-model").

Chances are that you have a spam-sending daemon; that's why I ask you
to save a copy. If I'm correct in my guess, it could be of great value
for spam-fighters to examine.

Thanks for running a firewall, and thanks for being observant and
sharing your observations with us!

( log removed )

> AVG antivirus doesn't find it, and the same is with AdAware 6.0
> I've looked for it with Google but I've found nothing
> Thank you for all counsel,
> Checco

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but I'm trying to keep spam out,
	   remove "icke-reklam" if you feel like mailing me. Thanx.
