Security Incidents mailing list archives

Re: Huge Autoexec.bat


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 18 Sep 2002 11:35:22 +1200

"Matthew S Barnes" <btc1 () alltel net> wrote:

Hi all, we were working on a system the other day at a client's who called us
in to fix a downed domain controller, his system was blue screening and so
we got there and started poking around the system, we noticed something
weird and wanted to ask if anyone had seen it before. I hadn't ever ...
His autoexec.bat was huge, 26 megabytes to be exact. Now this computer was
<<snip>>
The autoexec.bat file was full of scripts and code and also some old emails
of his from years ago and we never got time to go through the whole thing, just
enough to make me think it was a total compromise of his system.....

From what you have said and without the benefit of seeing the file
myself (and no -- please don't Email it to me!), the most likely
reason for what you saw is file system corruption.  This also ties in
with unexplained BSODs and so on.  It _may_ be indicative of
(impending) hardware failure.

Further, you presented absolutely no evidence suggesting a "hack".

Maybe the threat to not pay you for "wasting time" shows your client 
was wiser than you think...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

