Re[2]: Weird Profile in Documents and Settings

[Jyri Hovila <jyri.hovila () iki fi>]

Hi!

Check out what's the creation time of the mysterious profile folder --
does it correspond to any timed event in your network such as
network-wide backups, anti-virus software updates or anything similar?

Who owns the profile folder? (Hint: right-click on the folder, then
Properties => Security => Advanced => Owner) Is the user who owns it
Properties => local or a domain account?

If you try to remove the folder, does the system let you do it or does
it say it's in use and can't be removed?

If the profile folder can be removed, try to restart the workstation (or
server) and see if it's back right after startup. If it's not,

Yours,

Jyri

> > -----Original Message-----
> > From: Greg Wiedeman [mailto:gswcentral () attbi com] 
> > Sent: Thursday, February 20, 2003 6:38 AM
> > To: incidents () securityfocus com
> > Subject: Weird Profile in Documents and Settings
> >
> >
> >
> >
> > I have an incident where in the documents and settings in 
> > windows 2000 I 
> > have a profile show up under a number of systems where the 
> > name of the 
> > folder shows up as 3 squares. I don't know where it came from but it 
> > appears on my workstations and my servers. I don't know what 
> > it is. Does 
> > anyone know anything that would make this profile???? I have 
> > done virus 
> > scans and trojan scans along with scumware scans but all turn 
> > up negative. 
> > Thanks
> >
> > --------------------------------------------------------------
> > --------------
> >
> > Do you know the base address of the Global Offset Table (GOT) 
> > on a Solaris 8 box? CORE IMPACT does. www.securityfocus.com/core


----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core