Re: Strange folder created

From: Charlie Tame (charlie@tames.net)
Date: 10/18/02 

From: "Charlie Tame" <charlie@tames.net>
Date: Fri, 18 Oct 2002 03:09:07 -0500

Hi. Can't answer the question directly but most Antivirus software is quick
bad at finding trojans or backdoors. I would suggest you consider a package
like TDS3 from www.diamondcs.com.au which has a 30 day trial and scan with
that too. It's a capable package and runs well on 2k Advanced Server so
should be fine for checking your system. It is not safe to rely on AV alone. 

--
Charlie
"Ho Chi Man Erio" <erio@netvigator.com> wrote in message
news:55c701c275e5$7f3d2770$37ef2ecf@TKMSFTNGXA13...
> Hi all,
>
> Do anyone experienced such a strange situation. I run a
> domain controller and Web server (w/ ASP.Net) on my Win
> 2000 server, recently I found that in the system root
> (e.g. C:\Winnt), some strange folder was created. How
> strange is that:
>
> 1. Located inside the system root, I just set the
> premission for administrators and system (Full control),
> aspnet_wp (R/W), Everyone (R).
>
> 2. The folders then auto-create after I log out the
> machine (or unattend) silently.
>
> 2. The folde was stricly ordered: 0-9A-Z(capitalized),
> totally 36 characters. the folder name are 16 character
> each, like "0123456789ABCDEF" or "FGHIJKLMNOPQRSTU", and
> the last is "UVWXYZ0123456789", totally 36.
>
> 3. The create time is not in order, usually complete
> it's "cycle" within 7 hours, and the folder contain
> nothing inside (0 byte).
>
> 4. I can delete these folders, and once I delete in the
> middle (e.g. the 1st character is "D"), it's order then
> was broken. Might be "EFGH...7890" (still in character
> order)
>
> 5. No other folders like these were found in elsewhere. No
> virus was detected (Using NAV with latest definition). No
> strange service found in the "Service".
>
> Could anyone answer me on it?

Relevant Pages

  • Re: Strange folder created
    ... > Do anyone experienced such a strange situation. ... > domain controller and Web server on my Win ... some strange folder was created. ... Located inside the system root, ...
    (microsoft.public.win2000.security)
  • [NT] Windows 2000 Default Permissions Could Allow Trojan Horse Program
    ... Full access on the system root folder ... This situation gives rise to a scenario that could enable an attacker to ... The systems primarily at risk from this vulnerability would be ...
    (Securiteam)
  • Re: Music stops playing in PowerPoint 2003 slideshow
    ... slideshow. ... The linked music files are included in the package. ... copy any presentation to the folder, make the name change in the playlst ... I changed the effect options to "Stop playing after 999 slides," ...
    (microsoft.public.powerpoint)
  • RE: OSD - Network Access Account Issue
    ... I did check the package folder permissions and went to so far as to add the ... in either the boot-CD or the package reference on the boot-CD. ... that account always had permissions to ...
    (microsoft.public.sms.admin)
  • Re: Package for CD
    ... You're welcome, Fran. ... > package the presentation without any problems. ... >> I would leave the WAV files wherever they are now. ... Click Copy to Folder ...
    (microsoft.public.powerpoint)