There is a file available for download currently being advertised in some Usenet newsgroups. It purports to be the old DOS VGA game Xenon2 (Xenon2.zip), but is actually a spyware generator in disguise.
The game directory appears similar to the original game setup, but the Setup executable creates a file called MSCONFIGS.EXE in the \Windows\System directory, and adds the file to the RUN section of the system registry.
I inadvertently ran this file and discovered that my firewall (Sygate) reported that MSCONFIGS.EXE was attempting to connect to the Internet. I did a little Google search and came up with this:
---------------
On Sun, 08 Aug 2004 08:03:22 GMT, <email snipped> wrote:
>Quite simply the best shootemup ever!
<snip>
Creates a file called 'msconfigs.exe' in (typically) C:\Windows\System32\
Tries to connect to:
tc-operator2.telecom.cc.cmu.edu [128.2.120.114], port 9500
There's also a shed load of registry changes going on, according to
TCMonitor (The Cleaner).
Post reported to abuse dept. at ntlworld.com
NOD32 and The Cleaner Professional 4.1 didn't detect anything. What is this
thing? Adaware didn't find anything.
I know I'll probably take some heat for netcopping and
uninformed-malware-analysis but I've just got to know if this is definitely
something to worry about, or it was, actually, a spammed game.
Cordially,
Kleeb.
----------------
I ran Avast scanner on the system and it did not detect the file or anything in memory. Is this a new issue that we should address?