Fog Creek Software
Discussion Board




Symptoms of a virus or just Outlook?

I've noticed recently that my system has been making uncommanded calls to the internet. My LAN modem reports that the calls were raised because of packets being sent to:

62.232.35.70, Protocol: TCP, Port: POP3 (E-Mail)

It could just be that Outlook is running even after I've shut it down, but I'm not sure who 62.232.35.70 is and it doesn't look like any of the POP3 servers I usually connect to (tiscali.co.uk and 4thenet.co.uk), which makes me think I may have caught a virus that Vshield hasn't detected.

Can anyone cast any light on this?

Thanks,
David

David Roper
Thursday, June 19, 2003

D:\ >> nslookup 62.232.35.70
Name:    bootsit-5.bootsit.com
Address:  62.232.35.70

Doesn't ring a bell? I'd be worried if not. Make sure it isn't just some alias for your normal e-mail hosts.

Brad Wilson (dotnetguy.techieswithcats.com)
Thursday, June 19, 2003

www.bootsit.com is a hosting company of some sort - among their business services is secure email hosting.

Maybe a contractor to your email host?  Or perhaps they are hosting the suspected box for someone else running POP3.  Or maybe they are hosting the box for someone else, who is in turn a contractor to your email host....

Jeff MacDonald
Thursday, June 19, 2003

Put a packet sniffer on your box and turn it on after you close Outlook.

-Thomas

Thomas
Thursday, June 19, 2003

Thanks everyone.

It looks as if the address is in some way related to my mail account on 4thenet.co.uk; at least when I remove that account, netstat -a no longer reports a connection to 62.232.x.y.

Now all I need to figure out is why I end up with multiple (crashed?) copies of Outlook running......

David Roper
Thursday, June 19, 2003

http://www.whois.sc/search/?q=62.232.35.70


Thursday, June 19, 2003
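An added example, not part of the original thread: the checks suggested above (compare the unknown address with the addresses of your normal mail hosts, then see which connections remain) applied to `netstat -ano` output. The sample output, the PIDs, the host name `pop.example.net` and the lookup table are constructed for illustration.

```python
import socket

# Constructed sample of Windows `netstat -ano` output (only the first remote IP is from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.0.10:1042      62.232.35.70:110       ESTABLISHED     1820
  TCP    192.168.0.10:1043      192.0.2.25:110         TIME_WAIT       0
  TCP    192.168.0.10:1050      198.51.100.7:80        ESTABLISHED     2044
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
"""

def resolve_all(host):
    """Return every IPv4 address a host name resolves to (live DNS lookup)."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def pop3_connections(netstat_text, port=110):
    """Yield (remote_ip, state, pid) for TCP rows whose remote port is `port`."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # header, blank line or non-TCP row
        remote_ip, _, remote_port = fields[2].rpartition(":")
        if remote_port == str(port):
            pid = fields[4] if len(fields) > 4 else "?"
            yield remote_ip, fields[3], pid

def unexplained(netstat_text, mail_hosts, resolver=resolve_all):
    """POP3 connections whose remote IP is not an address of any configured mail host."""
    known = set()
    for host in mail_hosts:
        known |= resolver(host)
    return [conn for conn in pop3_connections(netstat_text) if conn[0] not in known]

if __name__ == "__main__":
    # Constructed lookup table so the demo runs offline; drop `resolver=` to use real DNS.
    table = {"pop.example.net": {"192.0.2.25"}}
    hosts = ["pop.example.net"]  # hypothetical; use the servers from your mail account settings
    for ip, state, pid in unexplained(SAMPLE_NETSTAT, hosts, resolver=lambda h: table.get(h, set())):
        print(f"{ip}:110 {state} pid={pid}: not an address of a configured mail host")
```

The PID column can be matched against Task Manager to see which process, such as a leftover Outlook instance, owns the connection.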
