It didn't take too much to track it down. If you read back, I was alerted after updating my AV definitions. Subsequently, I restarted after disabling System Restore and removed the offending DLLs and exe along with the registry entry pertaining to the exe.
If you look back, you'll see that by the date of the initial post, this trojan had been on my comp for about a week... by which time my logs had been overwritten due to a limited cache that I set. In future, you can be assured that my limits will be set higher so that this does not pass unnoticed.
Evidence? I can assure you that I pretty much spent the whole day on your site (no others in my browser cache for the date the exe & DLL appeared on my system, and my memory isn't that of a stoner or goldfish...), but obviously, my current logs hold no record going back that far.
Rest assured that I will be scouring my sys for more compelling evidence of the origins of this nuisance over the next day or two (time permitting). Obviously the word of an administrator who runs a company LAN for a living isn't good enough for you. It would seem that it is my own ill fortune that I got a little lax at home on a system that is shortly scheduled for a reinstall and lockdown.
May I enquire as to whether you guys keep server side logs on the IRC? If so, publish them raw. Personally, if someone posted a message or dropped a mail in indicating that somebody was abusing company resources, I'd be duty bound to investigate on the server side, at the very least to make sure that there wasn't a server side compromise... and at best to reassure users that they weren't placing themselves at risk just by stopping by.
So far, I've seen no positive feedback or an investigation of your own logs. Just cries of "Prove it". That in itself is disturbing enough.