[thelist] whose payload is this?

[Nick Koleszar]

Anyone come across this? It looks to me like a client/server payload.

My friend asked me for assistance on this.

He says:"There's this file I found that resides in my windows temp directory
called HIJ012.EXE -- it attribs itself as "hidden." Everytime I unhide
it and delete it, it shows up again later. Again, hidden in my
windows temp directory.

I can't figure out what it does. But it seems suspcious to me. It
does try to access the internet, but ZoneAlarm is set up to refuse
access to that program. Norton AV 2001 does not find any virus
code in it, not even with "bloodhound" set to high.

Do you have any utilities that can explore this file and maybe
indicate what it is for and what it does? Maybe it is associated with
another application on my computer, but for now I'm not sure if I
should worry about it or not."

I took a look at the code in a text editor and from the comments, it appears
to be a client which tries to contact a web server to transfer mpeg files.
There are plenty of comments about network stuff, passwords, file types
(mpeg) etc.

I thought perhaps it is part of Napster but my machine doesn't seem to have
this file so any ideas?

nk