Security Incidents mailing list archives
Weird Profile in Document Settings
From: "L Whiteside" <whitesidel () hotmail com>
Date: Mon, 16 Jun 2003 11:54:30 -0400
All, I have an incident where in the Documents and Settings in Windows 2000 I have a profile show up under a number of systems where the name of the folder shows up named in Chinese (Lß½䵅). I don't know where it came from but it appears on a few of my workstations and my servers. I don't know what it is. Does anyone know anything that would make this profile? I have done virus scans, trojan scans, scumware scans, root kit research, but all turn up negative.
I am listed as the owner of the profile. The file NTUSER.DAT.LOG timestamp is updated when I log on with my user ID, but it does not stay current with the NTUSER.DAT.LOG file in my regular profile. There are no files in any of the folders other than the standard generic ones created by Microsoft (i.e. Favorites, etc.).
If I try to remove the folder, it will tell me access is denied (though I am the owner). Not sure if that is due to something being active that I am trying to delete or not.
Any thoughts?

L