Security Basics mailing list archives

Re: Strange files on C:\

From: cvaleriy <cvaleriy () ugps irtel ru>
Date: Fri, 11 Jun 2004 12:04:25 +0900


 
DFM> -----BEGIN PGP SIGNED MESSAGE-----
DFM> Hash: SHA1

DFM> Hi all,
DFM> I hope this is the right list for this kind of problem; in case this
DFM> is not, please forgive me and suggest me the right ML. :-)

DFM> In the last few days I noticed the following strange files in C:\
DFM> (from the date and time they seem to be created regularly, like daily
DFM> or more often):
DFM> 06/09/2004 05:58 PM        0 tas
DFM> 06/09/2004 05:58 PM        0 tas.1
DFM> 06/09/2004 07:22 PM        0 tis
DFM> 06/09/2004 07:22 PM        0 tis.1
DFM> 06/09/2004 03:03 PM        0 tj8
DFM> 06/09/2004 03:03 PM        0 tj8.1

DFM> I have done some search in Google, but I didn't found anything
DFM> relevant.

DFM> My daily (nightly actually) scan with McAfee 7 Pro. fully patched and
DFM> updated didn't complained about anything (actually I still have to
DFM> see the scan with the very last virus definition released today); I
DFM> also tried the web "FreeScan" (from McAfee) just in case it is even
DFM> more updated than my installed version, but still nothing.

DFM> I tried to scan with both AdAware and SpyBot fully updated, but
DFM> nothing (some cookies until yesterday and even nothing today).

DFM> I tried Hijack This, but I do not see anything suspicious (I didn't
DFM> post the log to their forum as it was suggested because all the
DFM> elements reported seem familiar to me - eventually I can post it here
DFM> if you are interested on it).

DFM> Both Windows Task Manager and Process Explorer (SysInternals) don't
DFM> show anything unusual (I can post the Process Explorer list if you
DFM> want).

DFM> Do you have any idea from where these files came from? Is there any
DFM> other tool/procedure I can try to identify them?

DFM> Thank in advance.



DFM> Di Fresco Marco
DFM> http://home.comcast.net/~superdif/

Hello !
Sorry for my bad eng...

May be files like tmp file of Half Life(counter Strike).
Size ? Some bytes or kilobytes ? Zero ?
It's regular create with this names or not ?


cvaleriy                          mailto:cvaleriy () ugps irtel ru



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Strange files on C:\ Di Fresco Marco (Jun 10)
- Re: Strange files on C:\ John Groth (Jun 11)
- Message not available
  - Re: Strange files on C:\ Gautam R. Singh (Jun 11)
- Re: Strange files on C:\ cvaleriy (Jun 11)
- <Possible follow-ups>
- Re: Strange files on C:\ H Carvey (Jun 11)
- RE: Strange files on C:\ Brecrost Jones (Jun 11)