Security Incidents mailing list archives

Re: Weird Profile in Documents and Settings

From: "Patrick R. Sweeney" <patsw () attbi com>
Date: Fri, 21 Feb 2003 18:36:12 -0500

One thing to note when using HFNectChk - it won't tell you to get a new
service pack, it will just tell you to get the patches applicable to the SP
you have.  If you want to close all the known, published, and fixed holes
(OK, if you want to do that there is a lot more than just patching involved)
you usually need to update SPs, and sometimes even product versions.  Also,
be aware of what applications HFNetChk scans, and which applications it does
not.  (It does not scan the entire set of MS applications for which patches
are available, nor does it scan every version of the products it does
check.)

-Patrick R. Sweeney
http://boston.craigslist.org/bos/res/8484283.html
----- Original Message -----
From: "Lucas Zaichkowsky" <Lucas () dnsys com>
To: "Greg Wiedeman" <gswcentral () attbi com>; <incidents () securityfocus com>
Sent: Thursday, February 20, 2003 6:08 PM
Subject: RE: Weird Profile in Documents and Settings

Possible file corruption or someone attempting to exploit an unpatched

hole.


First, get properties on the C drive and do an error check.  Check in both
boxes and let it reboot to perform the scan.  You should be using NTFS for
the filesystem.  If not, I encourage you to convert unless you have a

reason

for sticking with FAT.

Second, Go to windows update and make sure you have all the critical

updates

installed.

Third, install hfnetchklt (shavlik.com) and run a scan on your computer,
suppressing notes and warnings.  Install any patches it complains about.
Make sure you redownload the patches since MS updates them on occasion.

-Lucas


-----Original Message-----
From: Greg Wiedeman [mailto:gswcentral () attbi com]
Sent: Thursday, February 20, 2003 5:38 AM
To: incidents () securityfocus com
Subject: Weird Profile in Documents and Settings




I have an incident where in the documents and settings in windows 2000 I

have a profile show up under a number of systems where the name of the

folder shows up as 3 squares. I don't know where it came from but it

appears on my workstations and my servers. I don't know what it is. Does

anyone know anything that would make this profile???? I have done virus

scans and trojan scans along with scumware scans but all turn up negative.

Thanks


--------------------------------------------------------------------------

--


Do you know the base address of the Global Offset Table (GOT) on a Solaris

box?
CORE IMPACT does.
www.securityfocus.com/core


--------------------------------------------------------------------------

--


Do you know the base address of the Global Offset Table (GOT) on a Solaris

box?
CORE IMPACT does.
www.securityfocus.com/core



----------------------------------------------------------------------------

Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core

Current thread:

Weird Profile in Documents and Settings Greg Wiedeman (Feb 20)
- RE: Weird Profile in Documents and Settings Rob Shein (Feb 20)
  - Re[2]: Weird Profile in Documents and Settings Jyri Hovila (Feb 21)
- Re: Weird Profile in Documents and Settings Anders Thulin (Feb 21)
- Re: Weird Profile in Documents and Settings Gene Yoo (Feb 21)
- <Possible follow-ups>
- RE: Weird Profile in Documents and Settings Lucas Zaichkowsky (Feb 21)
  - Re: Weird Profile in Documents and Settings Patrick R. Sweeney (Feb 21)
    - RE: Weird Profile in Documents and Settings Austin Ehlers (Feb 21)
    - RE: Weird Profile in Documents and Settings Christopher Hummert (Feb 22)