Re: Weird Profile in Document Settings

From: Tim Recher (timrat_private)
Date: Tue Jun 17 2003 - 06:05:36 PDT

    Out of curiosity, do you run SMS at your site?  This is apparently caused 
    by a bug in how WMI security handles Unicode.  The reason you can't delete 
    the profile directory is because it's actually the SYSTEM profile.
    
    If you take a look at these forum posts, they describe the problem pretty 
    well:  http://www.myitforum.com/forums/tm.asp?m=20121&p=1&mpage=1&tmode=1
    
    There's a hotfix available from Microsoft, too:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;816740
    
    Tim
    
    At 11:54 AM 6/16/2003, you wrote:
    >All,
    >
    >I have an incident where in the documents and settings in Windows 2000 I
    >have a profile show up under a number of systems where the name of the
    >folder shows up named in Chinese (ŠLß½䵅). I don't know where it came
    >from but it appears on a few of my workstations and my servers. I don't
    >know what it is. Does anyone know anything that would make this
    >profile???? I have done virus scans, trojan scans, scumware scans, root
    >kit research, but all turn up negative.
    >
    >I am listed as the owner of the profile.  The file NTUSER.DAT.LOG 
    >timestamp is updated when I log on with my user ID, but it does not stay 
    >current with the NTUSER.DAT.LOG file in my regular profile. There are no 
    >files in any of the folders other than the standard generic ones created 
    >by Microsoft (i.e. favorites, etc.)
    >
    >If I try to remove the folder, it will tell me access is denied (though I 
    >am the owner). Not sure if that is due to something being active that I am 
    >trying to delete or not.
    >
    >Any thoughts?
    >
    >L
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jun 17 2003 - 18:05:54 PDT