Last night I was going to play some online game that uses a browser and Java. Dunno why, I was curious to know which port it was using and if the connection was continuous or just to send the scores.

I started jammer 2.0, a nice firewall and analyzer I bought a few months ago. I hadn't started it for a long time because I now have a little ZyXEL as a router and basic FW.

As soon as it started it asked me if taskmngr.exe was allowed to access the internet... notice that it had the mIRC icon. I said "allow once", but then got suspicious. I looked at my sidebar and noticed that the Task Manager was NOT running. I opened it and noticed that the Task Manager is "taskmgr.exe".

I closed the other one and started searching on the internet. It turned out it's a trojan, it was going on IRC and maybe running DoS attacks!

I found a list of files and cleaned everything.

This is a good URL with some thoughts of other people:
http://www.newbie.org/help/messages/2553.html

I just read MS already released a public advisory.

The client was probably connecting to f0.ods.org (I found it in the ini files) and I think it was using port 6669 (jammer told me). Port 6669 was closed last night, when I checked, or at least unreachable. I got on port 6667 and joined a channel that was named in the ini files, but I couldn't find anyone.

Oh, BTW, I checked my firewall and noticed that I had set it to let anyone reach my PC!!! How stupid!
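
The giveaway in this post was a process called taskmngr.exe sitting one letter away from the real taskmgr.exe. The sketch below is an added example, not part of the original post: it flags process names that are close to, but not exactly, a well-known Windows binary name. The list of known names, the sample process list and the distance threshold are all constructed for illustration.

```python
# Known Windows binary names to compare against (constructed, incomplete sample).
KNOWN_SYSTEM_BINARIES = [
    "taskmgr.exe", "svchost.exe", "explorer.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "csrss.exe",
]

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character inserts, deletes
    and substitutions needed to turn string a into string b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(process_names, max_distance=2):
    """Return (observed, legitimate, distance) for every process name that is
    within max_distance edits of a known binary name without being identical.
    Comparison is case-insensitive because Windows file names are."""
    findings = []
    for name in process_names:
        lowered = name.lower()
        if lowered in KNOWN_SYSTEM_BINARIES:
            continue  # exact name match; checking its path is a separate test
        for legit in KNOWN_SYSTEM_BINARIES:
            distance = edit_distance(lowered, legit)
            if distance <= max_distance:
                findings.append((name, legit, distance))
    return findings

# Constructed process list: two lookalikes mixed in with ordinary names.
SAMPLE_PROCESSES = ["taskmgr.exe", "taskmngr.exe", "mirc.exe",
                    "svch0st.exe", "Explorer.EXE", "java.exe"]

if __name__ == "__main__":
    for observed, legit, distance in find_lookalikes(SAMPLE_PROCESSES):
        print(f"{observed!r} resembles {legit!r} (edit distance {distance})")
```

A name match alone is only a lead: the same list of running processes should also be checked for correctly named binaries running from an unexpected directory.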