[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] found suspicious desktop.ini in startup folders

To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
From: Micheal Espinola Jr <michealespinola@xxxxxxxxx>
Date: Tue, 24 Aug 2004 12:47:56 -0400

This typically contains information on directory view customizations,
but can also contain some CLSID trickery for special folders, like
Favorites.


On Tue, 24 Aug 2004 09:55:59 -0500, Andrew <aburns@xxxxxxxxxxxx> wrote:
> I actually switched to a OS X PDC and had the same problem when
> establishing a user's intial login with a windows XP workstation rather
> than a windows 2k workstation.
> It was just a file XP put into the users' profile, and as the knowledge
> base said, just delete it from the profile on your server should fix
> the problem. If I recall correctly the reason it shows up is the
> differences in how the desktop is handled in roaming profiles between
> WinXP and Win2k. The company I work for is very small, and so I'm not
> positive on the differences for win2k3
> 
> Andrew
> 
> 
> 
> On Aug 24, 2004, at 3:35 AM, Nick FitzGerald wrote:
> 
> > BillyBobKnob wrote:
> >
> >> Does anyone know if this file is used in an exploit since it was
> >> found in
> >> startup folders ?
> >
> > Does it "come back" following a restart, or a logout/login cycle, after
> > you delete it??
> >
> >> The contents of the file are:
> >>
> >> [.ShellClassInfo]
> >> LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
> >
> > This KnowledgeBase article mentions precisely these file contents:
> >
> >    http://support.microsoft.com/?id=330132
> >
> > but gives no indication of what may cause its appearance on your
> > system.  The suggested "fix" is simply deletion...
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


-- 
-Micheal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
  - From: Benjamin Piorczig

References:
- Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
  - From: Nick FitzGerald
- Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
  - From: Andrew

Prev by Date: [Full-Disclosure] Limited buffer overflow in Painkiller 1.31
Next by Date: Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
Previous by thread: Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
Next by thread: Re: [Full-Disclosure] found suspicious desktop.ini in startup folders
Index(es):
- Date
- Thread