All, I have a person that contacted me after some strange files appeared in the root directory of his Windows XP box. This person is remote from me, and I don't have a lot to go on right now, but there are about 30 files that appeared in the root directory: S3no 23KB S3no.1 7KB S3no.2 4KB S3no.3 23KB S3no.4 472KB S3no.5 23KB S3no.6 7KB S3no.7 4KB S3no.8 23KB S3no.9 472KB S3no.a 23KB S3no.b 7KB S3no.c 4KB S3no.d 23KB S3no.e 472KB S3no.f 23KB S3no.g 7KB S3no.h 4KB S3no.i 23KB S3no.j 472KB S3no.k 23KB S3no.l 7KB S3no.m 4KB S3no.n 23KB S3no.o 472KB S3no.p 23KB S3no.q 7KB S3no.r 4KB S3no.s 23KB S3no.t 472KB This sounds familiar to me, but I cannot seem to find anything in my archives about this one. I also couldn't find anything relevant with a couple of searches. Does anyone have a cluebat they can smack me with? The pattern of file sizes is constant. All the files have the same date/time 6/16/2002 at 6:42pm Thanks in advance. Dave B. -- ------------------------------------------------------------ David W. Baker bakerdat_private Lead INFOSEC Engineer G023 - Secure Information Technology (703) 883-3658 The MITRE Corporation (703) 883-4589 (F) Mailstop W435 7515 Colshire Drive McLean, VA, 22102 ------------------------------------------------------------ "Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding..." - William Gibson, "Neuromancer" "640K ought to be enough for anybody." - Bill Gates, 1981 ------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 13:21:10 PDT