Forensics help - Outgoing email

on 17.06.2006 19:36:28 by Subba Rao

Hello,

I have a Windows 2000 Professional as my primary workstation. I have
pretty much all sorts of assorted programs and applications on this
Windows system. The Anti-Virus software on my system is the free
version of AVG from Grisoft.

Recently, I was introduced to the torrent network (primarily because I
wanted to download some Linux distros). My curiosity made me download
other audio torrents to see the efficiency of the torrent network. One
thing I have noticed on my system is that there is an email being sent
out periodically to some system (247.16.delicado.com.uy). When the
email is being sent out, the AVG Anti Virus is scanning the email, which
is how I found out about the delicado.com.uy system. I do not know what
is being sent out. Can the torrent files compromise security on your
system? Has my system been compromised and become part of a bot
network? How do I find out what is causing this email to go out? How
do I fix this problem?

Any help is much appreciated.

Thank you in advance.

Regards,

Subba Rao
castellan2004-gen@SPAMBUSTER.yahoo.com

Re: Forensics help - Outgoing email

on 17.06.2006 20:12:36 by Volker Birk

Subba Rao wrote:
> When the
> email is being sent out, the AVG Anti Virus is scanning the email

Better configure your system to scan what comes in. Scanning what's
going out does not make sense.

Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."

Kyle Stedman about "Personal Firewalls" in c.s.f

Re: Forensics help - Outgoing email

on 19.06.2006 08:11:58 by comphelp

Subba Rao writes:

> Can the torrent files compromise security on your
> system?

Yes.

With the right registry tweaks, an executable can be masked inside a
file with any file extension and be executed.

--
Todd H.
http://www.toddh.net/

Re: Forensics help - Outgoing email

on 21.06.2006 11:49:35 by Subba Rao

Thank you for replying. The IP address that my client is accessing is
201.221.16.247 from POP3 (110) port. My AV scanner's message is
"AutoPOP3 connecting to 247.16.delicado.com.uy". When I scanned my own
system, the following services were listed:

110 pop-3 PostOffice V.3
135 loc-srv NCS local location broker
139 netbios-ssn NETBIOS Session Service
445 microsoft-ds -
1025 listen listener RFS remote_file_sharing

I don't remember turning on POP3 service. It is not even listed in the
"Services" applet. I don't know what the last service that is listening
on port 1025 is. The Torrent client I am using is Azureus. How do I shut
down the port 110 and 1025 services?

Thank you in advance for any help.

Regards,

Subba Rao
castellan2004-gen@SPAMBUSTER.yahoo.com

Todd H. wrote:
> Subba Rao writes:
>
>
>>Can the torrent files compromise security on your
>>system?
>
>
> Yes.
>
> With the right registry tweaks, an executable can be masked inside a
> file with any file extension and be executed.
>
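
One way to approach the "what is causing this" question in the post above is to map every listening port and every outbound mail session to the process that owns it. This is an added example, not part of the original thread: it assumes `netstat -ano` output (the `-o` PID column exists on Windows XP and later), and the sample rows, PIDs and local addresses are constructed; only the port numbers and the remote address come from the post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -ano`; PIDs are invented.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       412
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       8
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       556
  TCP    127.0.0.1:110          0.0.0.0:0              LISTENING       1180
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       8
  TCP    192.168.1.20:1093      201.221.16.247:110     ESTABLISHED     1180
  UDP    0.0.0.0:445            *:*                                    8
"""

# One TCP row: local ip:port, remote ip:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            yield lip, int(lport), rip, int(rport), state, int(pid)

def triage(text, mail_ports=(25, 110)):
    """Group by PID: loopback-only listeners, exposed listeners, outbound mail sessions."""
    report = defaultdict(lambda: {"loopback": [], "exposed": [], "mail_out": []})
    for lip, lport, rip, rport, state, pid in parse(text):
        if state == "LISTENING":
            kind = "loopback" if lip.startswith("127.") else "exposed"
            report[pid][kind].append(lport)
        elif state == "ESTABLISHED" and rport in mail_ports:
            report[pid]["mail_out"].append(f"{rip}:{rport}")
    return dict(report)

def suspects(report):
    """PIDs holding a session to a remote mail port: identify these processes first."""
    return sorted(pid for pid, r in report.items() if r["mail_out"])

if __name__ == "__main__":
    rep = triage(SAMPLE)
    for pid in sorted(rep):
        print(pid, rep[pid])
    print("check first:", suspects(rep))
```

A listener that appears only under `loopback` is reachable from the local machine alone; the PIDs returned by `suspects` are the ones to match against the process list and the executable's path on disk.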

