Network Security FullDisclosure
Re: [Full-Disclosure] Spyware? Worm? Trojan? "face license free bait"

Subject: Re: [Full-Disclosure] Spyware? Worm? Trojan? "face license free bait"
Date: Wed, 29 Sep 2004 10:39:31 -0700 (PDT)
Wow.  English aside, I have no idea where to
start...there are so many questions that need to be
asked for clarification on this that I don't know
whether to sh*t or go blind!
 
> I found something VERY VERY STRANGE on my computer
> last evening...

Yeah, so did I...the user!  ;-)

Okay, here's an excerpt from the email...

> While writing these lines I found two other shit
> directories :'(
>
> C:\PROGRA~1\Corn Internet Soft
>
> Filename                 Size      CRC-32
> C5EDFC35                 1060      92EE5B2C  [set as system files]
> cemaylou.exe             272966    70370FFB  (other names it has taken: nxkkxpjy.exe, greyend.exe, metapoll.exe)
> HOLE NAME.exe            240663    A2325E7C
> logduperoad.exe          9970      25C7A91D
> seek barb regs win.exe   47616     D41BE72E  (other name it has taken: batbodypokeextra.exe)
>
> C:\PROGRA~1\upload admin bind
>
> Filename                 Size      CRC-32
> DELETE PLAY.exe          15526     95665A33
>
> And I'm unable to delete any of these files!! They
> are not displayed in taskmgr, and:
>
> --
> PsKill v1.03 - local and remote process killer
> Copyright (C) 2000 Mark Russinovich
> http://www.sysinternals.com
>
> Unable to kill process cemaylou.exe:
> Process does not exist.
> --

Okay, so you found cemaylou.exe in a directory...what
made you think that it was a process?  Just b/c you
can't delete them, what makes you think that they
*would* appear in TaskManager?

> I've tried to sniff all these exe names using tools
> from SysInternals but I can't find any of these o_o !!

Are you referring to FileMon and RegMon?  Again...just
b/c you can't delete the files, why do you think they
are running?

> What the hell is going on on my computer?? Is Big
> Brother watching me? =)

Yes, I am.  Feel free to disconnect the power to your
computer, disconnect all other cables, and throw the
system in the trash.  After watching you for a while,
I've had enough fun...that thing you did the other
night was funnier than "America's Funniest Home
Videos" and "COPs" put together. 

> Thank you very much indeed for your help.. and sorry
> for my really bad English.

It isn't your English that's the problem, dude...it's
all the Jolt cola you've been drinking, and that other
thing you did that time in that place...

=====
------------------------------------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
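The listing quoted in the message above is a file inventory (name, size, CRC-32) of the kind people pasted to lists in 2004 to ask "what is this?". The reply's point is that a file sitting on disk, even an undeletable one, is not the same thing as a running process, and the poster's own note that the files keep changing names shows why matching on filename alone is weak. The following script is an added example, not code from the original message or from either poster: it parses that listing into records, resolves the reported aliases, matches a file to the inventory by size and CRC-32 rather than by name, and cross-references the inventory against a process list that the caller supplies. The listing text, the sample bytes and the process list in it are constructed for the example; on a real Windows host the process list would come from Task Manager, tasklist or Process Explorer.

```python
import ntpath
import re
import zlib
from dataclasses import dataclass, field

# Constructed re-typing of the two directory listings quoted in the thread.
# Names, sizes and CRC-32 values are the ones the original poster reported;
# nothing here is taken from a real sample.
LISTING = """\
C:\\PROGRA~1\\Corn Internet Soft

Filename        Size    CRC-32
C5EDFC35        1060    92EE5B2C  [set as system files]
cemaylou.exe        272966    70370FFB (other name it has taken : nxkkxpjy.exe, greyend.exe, metapoll.exe)
HOLE NAME.exe        240663    A2325E7C
logduperoad.exe        9970    25C7A91D
seek barb regs win.exe    47616    D41BE72E (other name it has taken : batbodypokeextra.exe)

C:\\PROGRA~1\\upload admin bind

Filename        Size    CRC-32
DELETE PLAY.exe        15526    95665A33
"""

# One inventory line: a filename (may contain spaces), a decimal size,
# an 8-digit hex CRC-32, and an optional free-text remark.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+(?P<size>\d+)\s+(?P<crc>[0-9A-Fa-f]{8})(?P<rest>.*)$")
ALIAS_RE = re.compile(r"other name it has taken\s*:\s*(?P<names>[^)]*)\)")


@dataclass
class InventoryEntry:
    directory: str
    filename: str
    size: int
    crc32: str                      # uppercase hex, as in the listing
    aliases: list = field(default_factory=list)
    system_attr: bool = False       # "[set as system files]" remark


def parse_listing(text: str) -> list:
    """Turn the quoted listing into InventoryEntry records, tracking the directory in effect."""
    entries, directory = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(r"^[A-Za-z]:\\", line):        # a "C:\..." line starts a new directory block
            directory = line
            continue
        m = ENTRY_RE.match(line)
        if not m:                                   # skips the "Filename Size CRC-32" header
            continue
        rest = m.group("rest")
        alias_m = ALIAS_RE.search(rest)
        aliases = [a.strip() for a in alias_m.group("names").split(",")] if alias_m else []
        entries.append(InventoryEntry(
            directory=directory,
            filename=m.group("name"),
            size=int(m.group("size")),
            crc32=m.group("crc").upper(),
            aliases=aliases,
            system_attr="system" in rest.lower(),
        ))
    return entries


def crc32_hex(data: bytes) -> str:
    """CRC-32 in the 8-digit uppercase hex form the listing uses."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"


def lookup_name(name: str, entries: list):
    """Resolve a filename, or one of its reported aliases, to its inventory entry."""
    wanted = name.lower()
    for e in entries:
        if e.filename.lower() == wanted or wanted in (a.lower() for a in e.aliases):
            return e
    return None


def match_by_content(data: bytes, entries: list) -> list:
    """Match a file to the inventory by size and CRC-32 rather than by name, so a
    renamed copy is still recognised. CRC-32 is not collision resistant: treat a
    hit as a lead to confirm with a cryptographic hash, not as proof."""
    size, crc = len(data), crc32_hex(data)
    return [e for e in entries if e.size == size and e.crc32 == crc]


def entries_with_running_image(entries: list, process_image_paths: list) -> list:
    """Cross-reference the inventory against a caller-supplied process list.
    A file being on disk, or undeletable, does not by itself mean a process is
    running from it, which is the point made in the reply."""
    running = {ntpath.basename(p).lower() for p in process_image_paths}
    return [e for e in entries if e.filename.lower() in running]


if __name__ == "__main__":
    inv = parse_listing(LISTING)
    for e in inv:
        print(f"{e.filename:25} {e.size:>8} {e.crc32}  aliases={e.aliases}")
    # Constructed process list: nothing from the inventory appears in it.
    procs = [r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\svchost.exe"]
    print("inventory names with a running image:", entries_with_running_image(inv, procs))
```

The size-plus-CRC match is what the poster's own inventory supports; it is enough to recognise a copy that has merely been renamed, but a sample that differs by a byte gets a different CRC, so a miss says nothing about whether a file is related. `ntpath.basename` is used instead of `os.path.basename` so the Windows paths are split correctly when the script is run on a non-Windows analysis box.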
