Re: Are these Trojans?
Date: 31 Dec 2004 12:51:58 -0800
Ok, I remember opening a JPG of some redneck with a shotgun from
USENET. This must have exploited a buffer overflow in Outlook Express.
> I'm running XP Pro SP2 and use AVG free, Spybot, Ad-Aware SE and
> 2 new processes have appeared yesterday and are both loaded by
> startup as:-
> Both files are located in C:\WINDOWS\system32\
> mspmspv.exe 18.5 KB (18,976 bytes) 30 December 2004, 11:26:14
> svcxnw32.exe 18.5 KB (18,976 bytes) 30 December 2004, 18:28:59
> According to netstat, the processes are established to the following
> addresses using TCP:-
> 17-112.202-68.se.rr.com [126.96.36.199] on port 6667
> astound-64-83-195-190.mn.astound.net: [188.8.131.52] on port 6667
> I have scanned using all the installed malware/virus scanners
> above but they are not detected. I've also tried a web search but so
> Does anyone have any info about these? They look like Trojans to me.
> they get in?