| On our lan, all our XP machines and even the server have a tiny file in the
| root of c: called tag<computername>.sys, which increments every few days and
| contains a single line: the date in yyyy-mm-dd format (ie, 2006-06-19). I
| can't find any viruses or spyware on any of the machines, and they are
| patched and scanned regularly. Anyone have any thoughts or ideas?
| Thanks.
Many *.SYS files are part of RootKits or Trojans employing RootKit Techniques. Albeit, they
aren't usually in the root "C:".
Search the registry for TAG.SYS and report back your findings. Wheere it was found, etc.
You may want to Export that branch (or branches) of the Registry where it is found for
easier documentation.
Use Threaded Display ("Group Messages by Conversation" in OE) ... Subject: IE 6 hangs without http:// header in URL ... check of the registry values below confirmed that they did not ...Norton Internet Security 2004 to Internet Security 2006. ... The two machines are disseperate machines. ... (microsoft.public.windows.inetexplorer.ie6.browser)
Re: r command security ... > system administrators didn't buy into this because they have to use these ... > features to work on different AIX machines and request me to further ... webserver and is only ever logged into by root for mounting disks with ... If a trust relationship is ... (comp.security.unix)
Re: Home Networking Again ... From the Dell,... In both machines, I can ping the router and both machines ... The Compaq lists the Dell when I look at the Network... Have you used the Registry Editor before? ... (microsoft.public.windowsxp.network_web)
"google" will open "http://www.google.com" ... check of the registry values below confirmed that they did not ...Windows XP Professional SP2, ...Norton Internet Security 2004 to Internet Security 2006. ... The two machines are disseperate machines. ... (microsoft.public.windows.inetexplorer.ie6.browser)
Re: Public disclosure of discovered vulnerabilities ... > On today's machines, they are all critical. ... the wall between root and non-root processes is a sieve. ... > buffer overrun in your web browser is pretty serious. ... (sci.crypt)
