Originally posted here by Soda_Popinsky
Google for fport, by foundstone

Best tool ever for this sort of thing.
I did a fport on it and it showed that aim.exe was on this port
Uh oh! Read twice, post once (just jokin w/ ya)


Anyways it looks like the peeper trojan, as you said. The default server name is internt.exe.. but most of the time trojans will be renamed to look like a well-known application. Check in the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
That's where it starts up from. If you see aim.exe remove it.

Hope this helps.

mjk