[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] found suspicious desktop.ini in startup folders

To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Aug 2004 20:35:18 +1200

BillyBobKnob wrote:

> Does anyone know if this file is used in an exploit since it was found in
> startup folders ?

Does it "come back" following a restart, or a logout/login cycle, after 
you delete it??

> The contents of the file are:
> 
> [.ShellClassInfo]
> LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

This KnowledgeBase article mentions precisely these file contents:

   http://support.microsoft.com/?id=330132

but gives no indication of what may cause its appearance on your 
system.  The suggested "fix" is simply deletion...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
  - From: Andrew

References:
- [Full-Disclosure] found suspicious desktop.ini in startup folders
  - From: BillyBobKnob

Prev by Date: RE: [Full-Disclosure] Possible New Malware....
Next by Date: RE: [Full-Disclosure] Possible New Malware....
Previous by thread: [Full-Disclosure] found suspicious desktop.ini in startup folders
Next by thread: Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
Index(es):
- Date
- Thread