Hi all,

We were working on a system the other day at a client's who called us in to fix a downed domain controller. His system was blue screening, so we got there and started poking around the system. We noticed something weird and wanted to ask if anyone had seen it before. I hadn't ever ... His autoexec.bat was huge, 26 megabytes to be exact. Now this computer was running NT 4 SP6a and also a ton of other stuff, but none of the stuff in autoexec.bat, as far as I could see, was anything related to his systems. I told him he was probably hacked and that he needed to really treat this like it was a crime scene and try to save all the data so we could reconstruct later. Well, he said he didn't care (no wonder he was hacked) and told me to not waste time on it; he wouldn't pay me to investigate, he would only pay me to fix it.

I did save some of the files I thought were suspicious and was hoping someone, anyone, could point me in a direction to find out what would make this autoexec.bat so big. Are there any known exploits that do this type of thing? I appreciate all your help.

The autoexec.bat file was full of scripts and code and also some old emails of his from years ago, and we never got time to go through the whole thing, just enough to make me think it was a total compromise of his system.....

Sincerely,
Matthew S Barnes
Barnes Technical Consulting
This archive was generated by hypermail 2b30 : Wed Sep 18 2002 - 00:56:08 PDT