BasicScanner

Description:
This is a byte scanner that scans a hardisc searching for a byte sequence.
It is written in the Java language so it should run on all platforms(/operating systems).
The java version used is 1.3.0

Purpose:
It was written because I had some maleware on my computer (windows2000 pro) and I wanted to find out which file/program caused it.

Malicious programs
I got from my firewall where on the Internet my windows logon tried to connect.
My Windows logon tried to connect to the following IP numbers:
217.170.77.146Sint Petersburg, USSR
SPB.ru
208.66.195.71Newark, Delaware, USA
208.66.194.232Sint Petersburg, Florida, USA
ISP Bruce Garret
75.126.22.226New York, New York, USA
Handymanconnection.com
from Mamar corperation
208.66.195.15New HampsHire, USA
Schedulesource.com
66.232.113.80Tampa, Florida, USA
valueaddedfeatures.com
admin contact: whois privacy protection INC
Today it is possible to find the location where a IP(computer) is located.
It is not exact until the street but very near.
Also it is possible to find the owner of the domain(Internet Adress http://...), administrative contact etceteras.
This is done by quering a whois database on the Internet.
As you can see writing these software seems big business.
They even using an incorperation for hiding themselfs.
It is also likely that those four places connect to each other, meaning working together.
So writing malicious software is a global business.
It is possible to find more but I don't have the time fore it.

How I wrote this program
Because the Internet was known it likely that the IP adress consisting out of 4 bytes should stand somewhere on the harddisc.
All I needed to do is write some program that scans all files looking if it can find a part of this 4 byte sequence.
For example: 208.66.195.71 equals to D042C347
The scanner is written in Java language so you need to install this on your computer.
To check or download this Java language goto: This place
Java is written by Sun http://www.sun.com and is free to use

How to use
Install the Java language see paragraph above.
Download this program (here)
Open a MSDos console/prompt.
Change directory with the command cd to the directory where BasicScanner.class is located.
(The source code is BasicScanner.java)
Start the scanner with: java BasicScanner
That is all
Adjust the Maximum scan size
Change the IP number (Replace the points with comma!!)
Change the place (directory) where the scan should start.


Thats all good luck


© RJHM van den Bergh, comwep.nl, All Rights Reserved