Re: What is: \scanned by\redstar\Parent Directory\for\-=SKBOCA=-

From: FTP Man (
Date: 07/12/03

  • Next message: Snuffy2: "USB Flash Drive as a USB Token"
    Date: Sat, 12 Jul 2003 12:36:44 -0400

    pedro wrote:

    > > When I see this in my NT4 security log, what does it mean? (see
    > > below).

    > > -----------------------
    > > Event Viewer
    > > Security log
    > > Object Access
    > > User: System
    > >
    > >
    > > Object Open:
    > > Object Server: Security
    > > Object Type: File
    > > Object Name:
    > > D:\RECYCLER\S-1-5-21-2093158801-1590382355-17523355-500\DD28\.
    > > tagged\~\scanned by\redstar\Parent Directory\for\-=SKBOCA=-

    There are more entries like this BTW

    > Looks to me like, you dropped your firewall and had a ftp service
    > installed on your system

    How does something like this actually get installed?

    Does NAV check for stuff like this?

    Any sofware I can run that will detect this stuff - and kill it ?

    > have a look at you runnin process`s & check for any ftp
    > servers runnin(probly serv-u or raiden), or remote service tools
    > like firedemon or service manager.
    > it`s also possible that the service`s have been cheekily renamed
    > as windows processes like winlogon or svchost, look for multiples
    > of these runnin then its deducting which are rquired by windows
    > to run and which maybe be part of a hack pack,

    I have noticed that something called "winlogon" always comes up as
    being shared when I restart the computer (which doesn't happen that
    often) and I always stop sharing it immediately after a re-start.

    > you never said what os you run, but i`d bet my last coin it`s win2k

    I said above that it's NT4 (NT4 Server, with SP6).

  • Next message: Snuffy2: "USB Flash Drive as a USB Token"