It is JS-OFFIZA. It is an invisible file that is planted in temporary internet files. I found it
with Housecall online free live realtime scanner. According to Symantec's database of over 50,000
definitions, this one is new to the JS family. It's not found in their database. Just delete all the
temp internet files and that seems to delete the hidden file JS-OFFIZA. Another scan with Housecall
will reveal that it is removed. It may be harmless, but then again maybe not. Time will tell if it
has any time delay dregs lying around.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
Trace reveals Plano Texas for the URL...
06/04/03 19:39:47 IP block
http://meshier.com
Trying 68.74.55.75 at ARIN
Trying 68.74.55 at ARIN
OrgName: Ameritech Electronic Commerce
OrgID: AMER
Address: 2701 W 15th ST
City: Plano
StateProv: TX
PostalCode: 75075
Country: US
NetRange: 68.72.0.0 - 68.78.255.255
CIDR: 68.72.0.0/14, 68.76.0.0/15, 68.78.0.0/16
NetName: SBCIS-AMER-100902
NetHandle: NET-68-72-0-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.AMERITECH.NET
NameServer: NS2.AMERITECH.NET
Comment:
Comment: Contact [email protected] for general IP support.
Comment: Contact [email protected] for technical support issues.
Comment: Contact [email protected] for policy abuse issues.
RegDate: 2002-10-15
Updated: 2003-02-21
TechHandle: IPADM3-ARIN
TechName: IPAdmin-Ameritech
TechPhone: +1-888-212-5411
TechEmail: [email protected]
OrgAbuseHandle: ABUSE7-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-888-212-5411
OrgAbuseEmail: [email protected]
OrgNOCHandle: SUPPO-ARIN
OrgNOCName: Support - Southwestern Bell Internet Services
OrgNOCPhone: +1-888-212-5411
OrgNOCEmail: [email protected]
OrgTechHandle: IPADM4-ARIN
OrgTechName: IPAdmin-Ameritech
OrgTechPhone: +1-888-212-5411
OrgTechEmail: [email protected]
-------------------------------------------------
Oscar Mannheim from telia.net, source is Amsterdam.
06/04/03 19:47:09 IP block
http://www.telia.net
Trying 194.237.174.108 at ARIN
Trying 194.237.174 at ARIN
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL
NetRange: 194.0.0.0 - 194.255.255.255
CIDR: 194.0.0.0/8
NetName: RIPE-CBLK2
NetHandle: NET-194-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS.RIPE.NET
NameServer: NS2.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH03.NS.UU.NET
NameServer: MUNNARI.OZ.AU
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1993-07-21
Updated: 2003-04-25
OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: [email protected]
B-