Trojan on Atrivo
I got a comment from Connie Perkins on annelisabeth:
It’s May 21st, and William Lu is “listening” on my computer right now, switching between IP numbers 69.50.161.126 and 69.50.171.146, both coming in on my port #1160. Does anyone know what this maggot wants???!!!! Can someone tell me how to manually close ports, and how to find out what has one opened in the first place? I keep getting spam e-mail every day now, and I have it automatically set up to go straight to the trash can, but when I go to delete the “deleted” files, they are not there, but others are. Can this William Lu person be ratted out to anyone that will make him stop getting on my computer, I mean…isn’t there something called the “Privacy Act?” I have nothing this guy wants, unless he gets a thrill watching what I read about breast cancer!!? Ughhh!
I believe it’s a trojan, as described by McAfee.
Geekstogo has a discussion on removing it.
What’s interesting is that both machines and a third are hosted on Atrivo. One is on ESThost. I’ve sent mails to both Abuse at Atrivo and a guy at ESThost. Let’s see if they terminate this one…
If there are any programmers out there who’d consider helping me figure out what’s in a chm file, please let me know. That’s a file dropped by 69.50.188.110, which is part of this scheme.
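Connie’s comment above asks how to find out what has a port open and which connections are going to the two IPs she names. The Python below is an added example, not code from this post or from any of the people quoted in it: it parses the output of Windows `netstat -ano`, lists the locally open (LISTENING) ports with the owning PID, and flags every connection whose remote side is one of the suspect addresses. The sample `netstat` text is constructed; the two remote IPs are the ones in her comment, while the local address, ports, PIDs and the other rows are made up.

```python
import re
from collections import namedtuple

# One parsed row of `netstat -ano` output (Windows column layout).
Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample of `netstat -ano` output. Only the two remote IPs
# 69.50.161.126 and 69.50.171.146 come from the post; everything else is invented.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:1160           0.0.0.0:0              LISTENING       2412
  TCP    192.168.1.5:1160       69.50.161.126:3127     ESTABLISHED     2412
  TCP    192.168.1.5:1160       69.50.171.146:3127     TIME_WAIT       0
  TCP    192.168.1.5:1254       64.233.161.99:80       ESTABLISHED     1720
  UDP    0.0.0.0:500            *:*                                    1304
"""

def _split_addr(addr):
    """Split an IPv4 'ip:port' string into (ip, port); '*' ports become None."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Parse `netstat -ano` text into Conn records. UDP rows carry no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner and the column header
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts[:5]
        else:
            proto, local, remote, pid = parts[:4]
            state = ""
        lip, lport = _split_addr(local)
        rip, rport = _split_addr(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state, int(pid)))
    return conns

def listening_ports(conns):
    """Map each locally open (LISTENING) TCP port to the PID that owns it."""
    return {c.local_port: c.pid for c in conns if c.state == "LISTENING"}

def connections_to(conns, suspect_ips):
    """Rows whose remote side is one of the suspect IPs, with local port and owning PID."""
    suspects = set(suspect_ips)
    return [c for c in conns if c.remote_ip in suspects]

def owner_of_port(conns, port):
    """PID of the process listening on `port`, or None if nothing is listening there."""
    return listening_ports(conns).get(port)

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    print("Listening ports -> PID:", listening_ports(conns))
    for c in connections_to(conns, ["69.50.161.126", "69.50.171.146"]):
        print(f"{c.remote_ip}:{c.remote_port} -> local port {c.local_port} "
              f"({c.state or 'n/a'}), owned by PID {c.pid}")
    print("Port 1160 is held by PID", owner_of_port(conns, 1160))
```

On the affected machine the same logic applies to real output: run `netstat -ano` at a command prompt, note the PID shown for the listening port, and use `tasklist /FI "PID eq <pid>"` to see which program that PID belongs to. A port is “closed” by stopping or removing that program; killing the process on its own only helps until whatever started it runs again, which is why the removal guide the post links to is the real fix.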
I don’t know what is in this specific chm file, but chm files are Microsoft Compiled HTML Help files. I assume they can use VBScript code to do some nasty stuff with Windows. And being compiled, they might have a hidden payload in there which could be run automatically or by the VBScript.
I know this is an old post, but it came up on Google. Atrivo/Intercage is known to host a LOT of domains running exploits. See here:
http://www.webhelper4u.com/CWS/cwsal_atrivo_ips.html
And this link says ESThost is a customer of Atrivo/Intercage:
http://lists.sosdg.org/pipermail/sosdg-nanab/2005-September/009878.html
[...] new fake code site, movscodec(dot)com, hosted (not surprisingly) by the infamous Intercage/Atrivo [...]
They are advertising child porn as well!
IP address 69.50.190.135
Look up their latest spam blast search term
iki888.angelfire.com
Which leads through 3 pages hosted on IP 69.50.190.135 and chock full of malware