"Matthew S Barnes" <btc1at_private> wrote: > Hi all we were working on a system the other day at a client's who called us > in to fix a downed domain controller, his system was blue screening and so > we got there and started poking around the system, we noticed something > weird and wanted to ask if anyone had seen it before. I hadnt ever ... > His autoexec.bat was huuge 26 megabytes to be exact. Now this computer was <<snip>> > The autoexec.bat file was full of script's and code and also some old emails > of his from years ago and we never got time to go thru the whole thing just > enuff to make me think it was a total compromise of his system..... from what you have said and without the benefit of seeing the file myself (and no -- please don't Email it to me!), the most likely reason for what you saw is file system corruption. This also ties in with unexplained BSODs and so on. It _may_ be indicatve of (impending) hardware failure. Further, you presented absolutely no evidence suggesting a "hack". Maybe the threat to not pay you for "wasting time" shows your client was wiser than you think... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Sep 17 2002 - 20:17:23 PDT