H
Hausi Tellenbach
Hi all.
I have Windows XP Professional Build 2600.xpsp2.030422-1633 (Service Pack 1)
with all available Critical Updates and Service Packs from
windowsupdate.microsoft.com and also from officeupdate.microsoft.com.
My personal firewall (KPF 4.0.16) asks me to allow Notepad.exe a connection
to ftp.leo.org [131.159.72.23], Port ftp [21] as soon as I choose "Save
as..." or "Open..." in the notepad.exe...
Notepad.exe to the internet? I remember, there was TROJ_QAZ, but neither the
antivir with actual signatures, nor my investigations in the registry and
folders let me find any part of a trojan or of an other malware. I also
"asked" google, but I couldn't find any hint about this. Also Regedit and
"Search..." "containing ftp.leo.org" didn't let me find a clue.
Yes, I remember: Long time ago I was on ftp://ftp.leo.org/pub/freedb an I
droped the Icon from the IE-Adress Bar as shortcut (freedb.url) to the
desktop - is it possible, this is the reason?
After deleting freedb.url, notepad.exe didn't ask anymore to connect to the
internet - if I place the shortcut again to the desktop, Kerio ask me
again - it's reproducable. I noticed, desktop was the last place I saved a
..txt-file - so I tried to move the freedb.url to My Documents, saved a .txt
there and tried again. Now My Documents was the last place and as soon as I
choosed "Save as..." or "Open..." from notepad.exe, Kerio asked me to allow
notepad.exe to connect to the internet. I've tried it again with a test.url,
which points to a http-site - no connection asked -> only for ftp-sites.
=> If there is a .url which points to an ftp site in a folder, which was the
last place notepad stored a file, notepad.exe will try to connect to the
location of this .url as soon as I choose "Save as..." or "Open..." - No
malware, but reproducable!
So, I'm wondering, what's the reason? Can I do something to correct this
behavior? Am I the only one, who is able to reproduce this behavior?
I have Windows XP Professional Build 2600.xpsp2.030422-1633 (Service Pack 1)
with all available Critical Updates and Service Packs from
windowsupdate.microsoft.com and also from officeupdate.microsoft.com.
My personal firewall (KPF 4.0.16) asks me to allow Notepad.exe a connection
to ftp.leo.org [131.159.72.23], Port ftp [21] as soon as I choose "Save
as..." or "Open..." in the notepad.exe...
Notepad.exe to the internet? I remember, there was TROJ_QAZ, but neither the
antivir with actual signatures, nor my investigations in the registry and
folders let me find any part of a trojan or of an other malware. I also
"asked" google, but I couldn't find any hint about this. Also Regedit and
"Search..." "containing ftp.leo.org" didn't let me find a clue.
Yes, I remember: Long time ago I was on ftp://ftp.leo.org/pub/freedb an I
droped the Icon from the IE-Adress Bar as shortcut (freedb.url) to the
desktop - is it possible, this is the reason?
After deleting freedb.url, notepad.exe didn't ask anymore to connect to the
internet - if I place the shortcut again to the desktop, Kerio ask me
again - it's reproducable. I noticed, desktop was the last place I saved a
..txt-file - so I tried to move the freedb.url to My Documents, saved a .txt
there and tried again. Now My Documents was the last place and as soon as I
choosed "Save as..." or "Open..." from notepad.exe, Kerio asked me to allow
notepad.exe to connect to the internet. I've tried it again with a test.url,
which points to a http-site - no connection asked -> only for ftp-sites.
=> If there is a .url which points to an ftp site in a folder, which was the
last place notepad stored a file, notepad.exe will try to connect to the
location of this .url as soon as I choose "Save as..." or "Open..." - No
malware, but reproducable!
So, I'm wondering, what's the reason? Can I do something to correct this
behavior? Am I the only one, who is able to reproduce this behavior?