Hi, The other day I noticed a strange folder had been created on my W2K Pro machine at work. The folder had been created in C:\Documents and Settings and didn't have an account name but four or five odd looking square block characters instead. When I right click on the folder and choose "properties", it displays the name as "rrrrr". When I click on the "Security" tab, it shows my account with "Full" access and somebody else who shouldn't have access to my PC with "Full" access. I don't know who this person is but they aren't located in our office and wouldn't have physical access to my PC. I had previously restricted access to my machine to only myself and the administrator account. No other account besides administrator or my account has access to C:\ or any other drives. I religiously keep my PC up to date on all security patches. I had security logging turned on and it shows where this person connected to my machine via NTLM on the same day the weird folder was created but it doesn't show anything other than the logon/logoff session was successful. Has my account/PC been compromised? AFAIK, the only way a new folder would be created in C:\Documents and Settings\ is for "first time" logins. Can anyone help clear this up for me? Thanks ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Oct 05 2002 - 15:28:58 PDT