Security Basics mailing list archives
RE: Strange files on C:\
From: "Brecrost Jones" <brecrost () hotmail com>
Date: Thu, 10 Jun 2004 13:53:30 -0600
Have you tried opening them in Notepad or a hex editor? There might be something inside that would give you a clue.
Hi all, I hope this is the right list for this kind of problem; in case this is not, please forgive me and suggest me the right ML. :-) In the last few days I noticed the following strange files in C:\ (from the date and time they seem to be created regularly, like daily or more often): 06/09/2004 05:58 PM 0 tas 06/09/2004 05:58 PM 0 tas.1 06/09/2004 07:22 PM 0 tis 06/09/2004 07:22 PM 0 tis.1 06/09/2004 03:03 PM 0 tj8 06/09/2004 03:03 PM 0 tj8.1 I have done some search in Google, but I didn't found anything relevant. My daily (nightly actually) scan with McAfee 7 Pro. fully patched and updated didn't complained about anything (actually I still have to see the scan with the very last virus definition released today); I also tried the web "FreeScan" (from McAfee) just in case it is even more updated than my installed version, but still nothing. I tried to scan with both AdAware and SpyBot fully updated, but nothing (some cookies until yesterday and even nothing today). I tried Hijack This, but I do not see anything suspicious (I didn't post the log to their forum as it was suggested because all the elements reported seem familiar to me - eventually I can post it here if you are interested on it). Both Windows Task Manager and Process Explorer (SysInternals) don't show anything unusual (I can post the Process Explorer list if you want). Do you have any idea from where these files came from? Is there any other tool/procedure I can try to identify them? Thank in advance. Di Fresco Marco http://home.comcast.net/~superdif/
_________________________________________________________________Free yourself from those irritating pop-up ads with MSn Premium. Get 2months FREE* http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
---------------------------------------------------------------------------Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- Strange files on C:\ Di Fresco Marco (Jun 10)
- Re: Strange files on C:\ John Groth (Jun 11)
- Message not available
- Re: Strange files on C:\ Gautam R. Singh (Jun 11)
- Re: Strange files on C:\ cvaleriy (Jun 11)
- <Possible follow-ups>
- Re: Strange files on C:\ H Carvey (Jun 11)
- RE: Strange files on C:\ Brecrost Jones (Jun 11)