RE: Unhappy face icon on NT 4 workstation
From: Bill Martin (martin.b@attbi.com)
Date: 02/15/03
- Previous message: Bob Fleck: "Re: Windows 2000 Static arp not static"
- In reply to: Sopatyk, Donna: "Unhappy face icon on NT 4 workstation"
- Next in thread: Knud Erik Højgaard: "Re: Unhappy face icon on NT 4 workstation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bill Martin" <martin.b@attbi.com> To: "Sopatyk, Donna" <donna.sopatyk@eds.com>, <focus-ms@lists.securityfocus.com> Date: Sat, 15 Feb 2003 00:38:37 -0700
Donna,
As for the unhappy face you speak of is nothing more than a mapping do an
ICON (icon) either as a stand alone or to a area within a DLL. In the
registry, if you do a search for "My Computer", you will be taken to an area
that that references a GUID. In the values on the right pane, you will see
something similar to:
(Default) = REG_SZ My Computer
InfoTip = Displays the files and folders on your computer
LocalizedString = @D:\WINNT\system32\shell32.dll,-9216@1033,My Computer
Under the LocalizedString, you will notice is points to a dll, and within
that DLL are ICON type images. It is possible, someone who had admin rights
changed this to point to another DLL which contained the "unhappy face". It
might even be within that DLL, I have not bothered to check.
That aside, it is also possible for the desktop to get "whacked" (yes I said
whacked cause I have no other name for it) and as a result, Icons in general
get shuffled over. In other words, where you might see a FOLDER icon, you
will see a NOTEPAD icon, etc. Where there any other problems with ICONS? If
not, I'd venture to say it was my first suggestions. None the less, the ICON
in of itself would not bother be, but that someone had admin level rights to
change this, would.
I would suggest rebuilding that system, unless you can find how someone got
in, and ensure that nothing was planted (i.e. back-doored). Good Luck
-bill-
-----Original Message-----
From: Sopatyk, Donna [mailto:donna.sopatyk@eds.com]
Sent: Thursday, February 13, 2003 1:24 PM
To: 'focus-ms@lists.securityfocus.com'
Subject: Unhappy face icon on NT 4 workstation
Hi all,
I've had some unexplained things happen on my NT 4.0 workstation. I was
having some problems with blue screening before because my palm pilot cradle
was not set up right with the baud rate. I also noticed that someone had
mapped a drive to another server with the Administrator account. I know I
don't know the password for that account, and that concerns me.
When I was checking things out, I noticed that "my computer" icon was like a
yellow unhappy face. I've never seen that before. When I placed my cursor
over it, it changed to a different icon...but no the hardware drive that it
usually looks like. After I rebooted, it went back to normal. Hasn't
happened since. I've disconnected my PC anywhere, ran a virus scan on my
machine and changed my password.
Has anyone ever heard of a unhappyface icon on NT? Virus or otherwise?
Thanks
Donna
Donna Sopatyk
MCSE+I CNA
Information Security Analyst
EDS
Phone: (403)205-2893
Pager: (403)205-2136
- Next message: shannong: "RE: Windows 2000 Static arp not static"
- Previous message: Bob Fleck: "Re: Windows 2000 Static arp not static"
- In reply to: Sopatyk, Donna: "Unhappy face icon on NT 4 workstation"
- Next in thread: Knud Erik Højgaard: "Re: Unhappy face icon on NT 4 workstation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
