Hey all,
For so far I have found this file c:/netlog.txt a couple of times on some servers.
If I open the file there is a log. A log with all the logins including passwords on serv-u. I was kinda schoked coz in the file was also my own admin user and password voor serv-u.
Does someone know more about this, I think it's in some kind of rootkit.
I did research on google but didn't come further.
Greetz.
Full Version: C:/netlog.txt
Sounds like a cmdline sniffer, that collects any plaintext pw's.
scan your server for spyware etc...
Actally really searching for it on google would have told you that it is the lovgate worm (W32/Lovgate-AA ) saving possible passwords to c:\netlog.txt ...
| QUOTE |
For so far I have found this file c:/netlog.txt a couple of times on some servers. |
i wouldnt even be surpiresed if you used the worm to get on the servers
And that is why it's smart to clean the server before you use it...
hmm i think i've seen that file before, but not shure if it was at my home or not .. gonna check it anyway 
Try to delete the file.
If you get permission denied because file is in use, you are lucky. in this case the spayware/sniffer/whatever is codec by a noob.
Anyway, use Sysinternals handle tool to find out which app is using this file.
Btw: sysinternals is a site with GREAT tools, check it out.
If you get permission denied because file is in use, you are lucky. in this case the spayware/sniffer/whatever is codec by a noob.
Anyway, use Sysinternals handle tool to find out which app is using this file.
Btw: sysinternals is a site with GREAT tools, check it out.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
