temp.scr appears to be a ASCII file of IRC nicknames
that MIRC (irc program) uses for data in query's.
temp2.exe is a window hiding program. mirc.ini calls
it with command line options that prevent it from
displaying anything (possibly when it is messaging the
people in the temp2.scr file).
I didn't look through all the Mirc.INI files to see
exactly whats going on here however.
HTH, Erick
--- Dave Woods <dave_at_TECHWEAVERS.NET> wrote:
> One of our computers here recently became infected
> with something I have
> never seen before.
>
> When the computer starts up (winME) it opens up 2
> copies of the
> FreeExtractor prog that exctracts the following
> files:
> mirc.ini
> mirc2.ini
> mirc3.ini
> pri.ini
> 20139.txt
> gates.txt
> temp.exe
> temp2.exe
> whvlxd.dat
> temp.scr
>
> gates.txt contains a lot of ip's / domains in it
> that look to be possibly
> infected hosts that this "program" is creating as
> some of them are isp
> accounts ie port200.hs.ip.com
> temp.scr does not run (says not a valid win32 app)
__________________________________________________
Do You Yahoo!?
>From homework help to love advice, Yahoo! Experts has your answer.
http://experts.yahoo.com/
Received on Nov 02 2000
Intro
