Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 08/24/04
- Previous message: Yaakov Yehudi: "RE: !SPAM! RE: [Full-Disclosure] The 'good worm' from HP"
- In reply to: BillyBobKnob: "[Full-Disclosure] found suspicious desktop.ini in startup folders"
- Next in thread: Andrew: "Re: [Full-Disclosure] found suspicious desktop.ini in startup folders"
- Reply: Andrew: "Re: [Full-Disclosure] found suspicious desktop.ini in startup folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Full Disclosure <full-disclosure@lists.netsys.com> Date: Tue, 24 Aug 2004 20:35:18 +1200
BillyBobKnob wrote:
> Does anyone know if this file is used in an exploit since it was found in
> startup folders ?
Does it "come back" following a restart, or a logout/login cycle, after
you delete it??
> The contents of the file are:
>
> [.ShellClassInfo]
> LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
This KnowledgeBase article mentions precisely these file contents:
http://support.microsoft.com/?id=330132
but gives no indication of what may cause its appearance on your
system. The suggested "fix" is simply deletion...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Yaakov Yehudi: "RE: !SPAM! RE: [Full-Disclosure] The 'good worm' from HP"
- In reply to: BillyBobKnob: "[Full-Disclosure] found suspicious desktop.ini in startup folders"
- Next in thread: Andrew: "Re: [Full-Disclosure] found suspicious desktop.ini in startup folders"
- Reply: Andrew: "Re: [Full-Disclosure] found suspicious desktop.ini in startup folders"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
