Every time I try to save something on paint, it tries to connect to some random ip, eg 69.94.107.14, though the last number varies slightly (~10-50). It would be less annoying if it didn't take 5 minutes for paint to do this. Strangely, nothing irregular happens if I pull my network cable. Any idea what's going on? That ip doesn't seem very suspicious.
Is there a default copy of mspaint.exe I can compare with?
Thanks for your thoughts,
inb4 trojan
Name:
Anonymous2010-01-20 17:43
Every time I get a new program on Windows I open it in a plaintext editor with wordwrap enabled and see if there's anything suspicious. If it's packed with something nontrivial (read: not UPX or similar), then unless the software is really special, I'm just going to find an alternative.
It's surprising to a lot of people, even programmers, how much info you can get by just reading what looks like gibberish at first -- the strings, the API names that it uses, the "texture" of the code (compiler output looks different from handwritten Asm, you can even see the difference between x86, IA64, Z80, etc. if you look at enough binary, encrypted/compressed data feels really different, etc.) And of course, there are the less important but still fun things to find, such as debug symbols and source file paths (complete with username).