[unisog] Anyone recognize what this one is?

Peter Van Epp vanepp at sfu.ca
Thu Aug 7 19:13:31 GMT 2003


On Thu, Aug 07, 2003 at 12:53:50PM -0400, Anderson Johnston wrote:
> 
> If it's not too much trouble, would you mind posting a short description
> of the files your windows worker found (directory, name, size)?
> 
> 					Thanks,
> 						- andy
> 

	The original message had a synopsis of what looked interesting.
The first bit of it is here for reference followed by a dir listing of
the moved files:


> The "services" that are installed are named
>
>  Microsoft Critical System Processor
>
> and
> 
>   Microsoft DHCP Routing Client
> 
> and are run out of the directory listed below.
> 
> 
> The root directory is stored in the Recycle bin, as in
> 
>   C:\Recycler\Some-long-SID\SYSTEM32
> 
> 


Here's a DIR.  Note that the files are now in \TEMP .. previously, the
they were in \RECYCLER

Alan


 Directory of C:\temp\S-1-5-21-458573308-1249257218-1260325492-1443\system32

08/02/2003  10:02p              36,864 dc.exe
08/07/2003  11:14a      <DIR>          dcomup
06/02/2003  07:09a              26,624 destroy.exe
08/04/2003  11:29a               1,075 file.sys
08/07/2003  11:14a      <DIR>          fsys
08/04/2003  02:03a                 283 fsys.txt
07/22/2002  12:05p              39,184 ftp.exe
08/05/2003  04:14p                  61 fuck.dll
08/05/2003  04:14p                   0 fuckaducker.dll
08/05/2003  04:14p                  49 fuckaduckerfuck.dll
07/26/2003  06:17p             279,552 grab.exe
06/28/2003  02:44a              86,016 id.exe
08/07/2003  11:14a      <DIR>          logs
08/05/2003  04:09p                 552 masters.dll
08/07/2003  11:14a      <DIR>          modules
08/05/2003  04:09p                 834 modules.sys
05/28/2003  07:53p              32,256 MSSvc.exe
01/03/1998  02:37p              59,392 nc.exe
06/09/2003  07:55a             121,856 pack.exe
08/04/2003  11:29a                 863 remote.ini
08/04/2003  08:35a              52,736 sd.exe
08/04/2003  02:05a                  53 servers.dll
06/05/2003  05:35p             570,880 services.exe
08/07/2003  11:14a      <DIR>          sounds
06/05/2003  04:57p              16,896 start.exe
06/05/2003  04:49p             524,800 svchost.exe
03/25/2003  05:00a             382,976 systray.exe
07/22/2002  12:05p              17,680 tftp.exe
05/15/2002  02:51p                 435 windll.sys
              24 File(s)      2,251,917 bytes

 Directory of C:\temp\S-1-5-21-458573308-1249257218-1260325492-1443\system32\dcomup

08/07/2003  11:14a      <DIR>          .
08/07/2003  11:14a      <DIR>          ..
08/04/2003  11:28a           1,905,564 install.exe
               1 File(s)      1,905,564 bytes

 Directory of C:\temp\S-1-5-21-458573308-1249257218-1260325492-1443\system32\fsys

08/07/2003  11:14a      <DIR>          .
08/07/2003  11:14a      <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\temp\S-1-5-21-458573308-1249257218-1260325492-1443\system32\logs

08/07/2003  11:14a      <DIR>          .
08/07/2003  11:14a      <DIR>          ..
               0 File(s)              0 bytes

 Directory of C:\temp\S-1-5-21-458573308-1249257218-1260325492-1443\system32\modules

08/07/2003  11:14a      <DIR>          .
08/07/2003  11:14a      <DIR>          ..
08/04/2003  09:42a               3,707 7a69.dll
08/04/2003  08:11a               6,498 bnc.dll
08/04/2003  08:23a               1,690 drivenfo.dll
08/02/2003  01:47p              12,213 fservcontrol.dll
08/02/2003  06:05a              91,782 fserver.dll
08/04/2003  08:56a               4,012 modules.dll
08/04/2003  08:13a               1,913 nickserv.dll
08/04/2003  07:39a               4,149 processes.dll
08/04/2003  08:06a               1,150 pubcom.dll
08/04/2003  08:03a                 902 raw.dll
08/04/2003  10:33a               7,977 scan.dll
08/04/2003  08:34a               4,334 system.dll
08/04/2003  07:59a                 903 uptime.dll
              13 File(s)        141,230 bytes

 Directory of C:\temp\S-1-5-21-458573308-1249257218-1260325492-1443\system32\sounds

08/07/2003  11:14a      <DIR>          .
08/07/2003  11:14a      <DIR>          ..
               0 File(s)              0 bytes

     Total Files Listed:
              38 File(s)      4,298,711 bytes
              15 Dir(s)   1,797,591,040 bytes free
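
A triage aid for listings like the one above, added here as an example and not part of the original message: it parses `dir /s` output and reports files that carry a Windows system binary's name but sit outside the system directory, noting when the parent is a SID-named folder such as those under \RECYCLER. The name list, the legitimate directories and the sample listing (including its SID) are assumptions constructed for illustration.

```python
import re

# Assumption: illustrative list of names that normally live only in %SystemRoot%\System32.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "systray.exe", "ftp.exe", "tftp.exe"}
# Assumption: the legitimate locations on the hosts being checked.
LEGIT_DIRS = {r"c:\winnt\system32", r"c:\windows\system32"}

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
ENTRY_RE = re.compile(r"^(\d\d/\d\d/\d{4})\s+(\d\d:\d\d[ap])\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
SID_RE = re.compile(r"\\S-1-5-21(-\d+){3,}", re.I)

def parse_dir(text):
    """Yield (directory, name, size) for each file in `dir /s` output; size is an int."""
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        # Skip <DIR> entries and summary lines; only real files are reported.
        if m and current and m.group(3) != "<DIR>":
            yield current, m.group(4), int(m.group(3).replace(",", ""))

def masquerading(text):
    """Return files that carry a system binary's name outside the system directory."""
    hits = []
    for directory, name, size in parse_dir(text):
        if name.lower() in SYSTEM_NAMES and directory.lower() not in LEGIT_DIRS:
            reason = ("SID-named parent directory" if SID_RE.search(directory)
                      else "unexpected directory")
            hits.append((directory, name, size, reason))
    return hits

# Constructed sample in the same format as the listing above (the SID is made up).
SAMPLE = r"""
 Directory of C:\WINNT\system32

06/19/2003  12:05p               7,952 svchost.exe

 Directory of C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1001\system32

06/05/2003  04:49p             524,800 svchost.exe
01/03/1998  02:37p              59,392 nc.exe
08/07/2003  11:14a      <DIR>          logs
"""

if __name__ == "__main__":
    for hit in masquerading(SAMPLE):
        print(hit)
```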


