Educause Security Discussion mailing list archives
Question about a file - drivez.txt
From: Erin Nettifee <enettifee () GMAIL COM>
Date: Fri, 8 Oct 2004 09:53:12 -0400
Hello, Our personal computer clinic student employees have lately seen a file on IBM laptops that have been reformatted called "drivez.txt." It appears on the top level of the C drive. We are trying to figure out if the file might be malicious; IBM tech support and Google searching have not proved fruitful. Below is an example of the content of one such file. Has anyone seen this before? If so, do you know what it is / what it is used for? Many thanks, Erin Nettifee FAS Computer Services Harvard University text output: -gC Instructed to search generically for 200. Running application - Parsed CMD line OS Version--Major 5 Minor 1 Build a28 Guessing failed, trying SPTI SPTI Access Mode Activated to Scan for Drives. Found something -- Type HTS726060M9AT00 Hzw ^R Bus 0 ID 0 Not a CD, DVD, or CD-RW drive. Skipping profile check. Found something -- Type HL-DT-STRW/DVD GCC-4Hzw ^R Bus 0 ID 0 SPTI Pass-through Successful ATAPI Return Code: 0/0/0 Returned data 0 36 70 0 0 0 0 0 2a 2e 3f 7 f1 73 29 23 Matching against 200. Profile found: 73f Found a Winner! ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Question about a file - drivez.txt Erin Nettifee (Oct 08)