[ previous ] [ next ] [ threads ]
 
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] OT Strange Virus?
 Date:  Wed, 02 Aug 2006 20:37:48 -0500
This may sound odd, but check to make sure no one has put a silly batch 
file on the system that deletes all *.jpg or *.gif files.  One simple 
windows command can wipe an entire drive of any certain type of file, 
can be put into a batch file and then run through windows scheduler just 
to be mean to someone because no anti-virus, spyware, adware scanners 
will find it since it appears to "innocent" on the outside.

For those that want to know, this command will do that :p
del *.jpg /f /s /q

Also, try turning on file permission auditing and object tracking 
security for the folder that files disappear from.  It will at least 
narrow down the possibility that someone is doing this remotly via an 
administrative share on the system.

Thanks,
Michael


Lee Sharp wrote:
> From: "Lee Sharp" <leesharp at hal dash pc dot org>
>
>> Sorry to go way off topic again, but if there is a better group of 
>> computer people around, I don't know it.  I have an odd problem that 
>> I am truly stuck on.  A Windows XP Pro system that slowly looses 
>> jpegs. Seriously.  A directory full of mixed files, and over time the 
>> jpegs, and only the jpegs, will go missing.  Only html, giffs, and 
>> movies remain... Spybot, AVG, Ad Aware, and Rootkit Revealer all show 
>> nothing.  Scanning under safe mode still shows nothing.  In 
>> desperation I scanned (With an older virus list) with UBCD 4 Win, and 
>> still nothing.  I have already lost money on this job, but I want to 
>> KNOW what is doing this...  Any thoughts?
>
> Updates to all the suggestions.  First, giffs are not immune, just 
> killed last. :-)  A folder that lost all the jpeg, and had nothing but 
> html and giffs now only has html.  Only 2 people use this system, and 
> both do not want to loose files.  AVG is already installed, and has 
> been for 2 years. When I booted the UBCD 4 Win, I ran a few other 
> anti-virus, and nothing.  I have used the sysinternals Root Kit 
> Revealer to no effect.  I looked at file mon, but this is very slow.  
> Happens over days, not hours.  Can happen anywhere on the hard drive, 
> but when it does, it will "finish" a directory tree before moving on.  
> No pictures have vanished from the desktop, for example, but they have 
> from folders on the desktop.  I have some "bait" folders, but there 
> are lots of folders and images on this system.  I will need a lot of 
> bait...  Now I am off to keep cursing. :-)
>
>                            Lee
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>