« previous next »
Pages: [1]   Go Down

Author Topic: Mozilla/3.0 (compatible; Indy Library)  (Read 11434 times)

0 Members and 1 Guest are viewing this topic.

emy80

  • Guest
Mozilla/3.0 (compatible; Indy Library)
« on: March 10, 2006, 06:18:27 PM »
hello! Today I've installed a window component:

Microsoft .NET Framework 1.1

I have a livejournal and checking the page with my login section I've found a login with this user agent:

Mozilla/3.0 (compatible; Indy Library)

Googling for it it seeme it's a bot robot. but it wasn't detect by avast and i can't find the source file for it on my PC. Please help me!
Logged

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Mozilla/3.0 (compatible; Indy Library)
« Reply #1 on: March 10, 2006, 07:00:45 PM »
Quote from: emy80 on March 10, 2006, 06:18:27 PM
hello! Today I've installed a window component: Microsoft .NET Framework 1.1
If you using a legitimate source of Microsoft, this file and all installation should be clean.

Quote from: emy80 on March 10, 2006, 06:18:27 PM
I have a livejournal and checking the page with my login section I've found a login with this user agent:
Mozilla/3.0 (compatible; Indy Library)
Googling for it it seeme it's a bot robot. but it wasn't detect by avast and i can't find the source file for it on my PC. Please help me!
Can you rephrase? I mean, where are you seeing the agent Mozilla/3.0? Can you post a screenshot?
Logged
The best things in life are free.

emy80

  • Guest
Re: Mozilla/3.0 (compatible; Indy Library)
« Reply #2 on: March 10, 2006, 07:35:53 PM »
Quote
Quote from: emy80 on March 10, 2006, 06:18:27 PM
I have a livejournal and checking the page with my login section I've found a login with this user agent:
Mozilla/3.0 (compatible; Indy Library)
Googling for it it seeme it's a bot robot. but it wasn't detect by avast and i can't find the source file for it on my PC. Please help me!
Can you rephrase? I mean, where are you seeing the agent Mozilla/3.0? Can you post a screenshot?

the login in that site works like that: see logig01.gif
and then I check the second box: see login02.gif
« Last Edit: March 10, 2006, 08:31:11 PM by kubecj »
Logged

emy80

  • Guest
Re: Mozilla/3.0 (compatible; Indy Library)
« Reply #3 on: March 10, 2006, 07:41:36 PM »
Quote
Quote from: emy80 on March 10, 2006, 06:18:27 PM
I have a livejournal and checking the page with my login section I've found a login with this user agent:
Mozilla/3.0 (compatible; Indy Library)
Googling for it it seeme it's a bot robot. but it wasn't detect by avast and i can't find the source file for it on my PC. Please help me!
Can you rephrase? I mean, where are you seeing the agent Mozilla/3.0? Can you post a screenshot?

the manage login section of the Livejournal site is like this: see image logins.gif

I've hightlighted the logins that are suspicious. The first login was at 8:57 am and I had that IP address and I was logged in until more or less 3:00 pm. this means that the login session that scares me was created while I was logged in and I was using internet.
It seems it can be something related with the nimda worm but why avast haven't detected it? I've downloaded a software called abrViewer that required that Microsoft tool to work. this afternoon when I swithed on the PC I got the User screen telling me I had some unread e-mail. i've never got that screen before having disabled that option. And Aside from my account I've found an .NET account that i deleted. -_- What's that?
« Last Edit: March 10, 2006, 08:31:39 PM by kubecj »
Logged

kubecj

  • Guest
Re: Mozilla/3.0 (compatible; Indy Library)
« Reply #4 on: March 10, 2006, 08:28:29 PM »
I've found this:

Quote
Originally, the Indy Library is a programming library which is available at http://www.nevrona.com/Indy or http://indy.torry.net under an Open Source license. This library is included with Borland Delphi 6, 7, C++Builder 6, plus all of the Kylix versions. Unfortunately, this library is hi-jacked and abused by some Chinese spam bots.

Haven't you tested your site from some exotic browser which may use the library?

BTW: The times in your log are in GMT. In Italy, you should have +1 hour, so if you disconnected about 3PM, it's 14:00 GMT, if I'm not mistaken?
« Last Edit: March 10, 2006, 08:30:11 PM by kubecj »
Logged

emy80

  • Guest
Re: Mozilla/3.0 (compatible; Indy Library)
« Reply #5 on: March 10, 2006, 10:17:03 PM »
Quote from: kubecj on March 10, 2006, 08:28:29 PM
I've found this:

Quote
Originally, the Indy Library is a programming library which is available at http://www.nevrona.com/Indy or http://indy.torry.net under an Open Source license. This library is included with Borland Delphi 6, 7, C++Builder 6, plus all of the Kylix versions. Unfortunately, this library is hi-jacked and abused by some Chinese spam bots.

Haven't you tested your site from some exotic browser which may use the library?

BTW: The times in your log are in GMT. In Italy, you should have +1 hour, so if you disconnected about 3PM, it's 14:00 GMT, if I'm not mistaken?

unfortunately that's not my site. I'm just a user. I've submitted a report to the admin of that site but so far nobody answered me. I've scanned my system with Avast, Ewido, MS antispyware, HJT, and Spybot on safe mode and it resulted clean. ;_; I even scanned it with a Symantec fix too for W32.nimda virus but nothing came up. -_- The fact that it resulted logged it scares me because it means it would have gotten my password.
I just wanted to be sure that it was not my fault. ;_;
Logged
Pages: [1]   Go Up
« previous next »