"Matthew S Barnes" <btc1alltel.net> wrote:

> Hi all we were working on a system the other day at a client's who called us
> in to fix a downed domain controller, his system was blue screening and so
> we got there and started poking around the system, we noticed something
> weird and wanted to ask if anyone had seen it before. I hadnt ever ...
> His autoexec.bat was huuge 26 megabytes to be exact. Now this computer was
<<snip>>
> The autoexec.bat file was full of script's and code and also some old emails
> of his from years ago and we never got time to go thru the whole thing just
> enuff to make me think it was a total compromise of his system.....

from what you have said and without the benefit of seeing the file
myself (and no -- please don't Email it to me!), the most likely
reason for what you saw is file system corruption. This also ties in
with unexplained BSODs and so on. It _may_ be indicatve of
(impending) hardware failure.

Further, you presented absolutely no evidence suggesting a "hack".

Maybe the threat to not pay you for "wasting time" shows your client
was wiser than you think...

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]