Posted on 2011-05-12
Medium Priority
Last Modified: 2013-12-23
How can I find how it get on server?
Question by:gaby_dj
  • 2
  • 2
LVL 66

Accepted Solution

johnb6767 earned 750 total points
ID: 35752270
Rt click it>Properties... Any MFGR information?

Whats the Date Modified on it?
LVL 44

Assisted Solution

by:Davis McCarn
Davis McCarn earned 750 total points
ID: 35753626
Unfortunately; anytime a zipped file is unzipped, the creation and modified dates will be those that are contained in the zipped file which has driven me nuts for years as it makes hunting down bad guys a lot harder.
The file is Folder Password Protect which is highly suspicious: http://www.freefixer.com/library/file/57276/
It is also quite old.
I would inspect the active user listing (especially before or after work hours) kick off the suspicious user and change their password, then start looking for Rootkits.
What version of server is it?  AD or Workgroup?

Author Comment

ID: 35756082
Windows 2003 AD
No users before or after hours, users (RDP) are very limited rights, but on the network there is an Spector360 monitoring software.
Can be a "connection" between fppsys and Spector360 processes?
LVL 44

Expert Comment

by:Davis McCarn
ID: 35756622
It doesn't seem like it; but, you should check their knowledgebase and call if necessary ( I can't without a serial number): http://www.spectorsoft.com/support/LogIn.asp?TheProduct=7&fn=4

Author Closing Comment

ID: 35870284

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question