Message-ID: <acdc033d04082409471b632fa3@mail.gmail.com>
From: michealespinola at gmail.com (Micheal Espinola Jr)
Subject: found suspicious desktop.ini in startup folders

This typically contains information on directory view customizations,
but can also contain some CLSID trickery for special folders, like
Favorites.


On Tue, 24 Aug 2004 09:55:59 -0500, Andrew <aburns@...mtech.com> wrote:
> I actually switched to an OS X PDC and had the same problem when
> establishing a user's initial login with a Windows XP workstation rather
> than a Windows 2k workstation.
> It was just a file XP put into the users' profile, and as the knowledge
> base said, just deleting it from the profile on your server should fix
> the problem. If I recall correctly, the reason it shows up is the
> differences in how the desktop is handled in roaming profiles between
> WinXP and Win2k. The company I work for is very small, and so I'm not
> positive on the differences for win2k3.
> 
> Andrew
> 
> 
> 
> On Aug 24, 2004, at 3:35 AM, Nick FitzGerald wrote:
> 
> > BillyBobKnob wrote:
> >
> >> Does anyone know if this file is used in an exploit since it was
> >> found in
> >> startup folders ?
> >
> > Does it "come back" following a restart, or a logout/login cycle, after
> > you delete it??
> >
> >> The contents of the file are:
> >>
> >> [.ShellClassInfo]
> >> LocalizedResourceName=@...stemRoot%\system32\shell32.dll,-21787
> >
> > This KnowledgeBase article mentions precisely these file contents:
> >
> >    http://support.microsoft.com/?id=330132
> >
> > but gives no indication of what may cause its appearance on your
> > system.  The suggested "fix" is simply deletion...
> >
> >
> > Regards,
> >
> > Nick FitzGerald
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> 


-- 
-Micheal
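
Added example, not part of the original thread: a small triage of a desktop.ini file that separates display-only `[.ShellClassInfo]` entries, such as the `LocalizedResourceName` line quoted above, from entries that reference a CLSID. The key lists, the function names and both sample files are assumptions constructed for illustration; anything outside the allowlist is reported for manual review rather than judged.

```python
import configparser

# Assumed allowlist: [.ShellClassInfo] keys that only affect folder display.
DISPLAY_KEYS = {"localizedresourcename", "iconfile", "iconindex",
                "iconresource", "infotip", "confirmfileop"}
# Assumed list: keys that point the folder at a shell-extension class.
CLSID_KEYS = {"clsid", "clsid2", "uiclsid"}

def decode_ini(raw: bytes) -> str:
    """desktop.ini is often UTF-16 with a BOM; otherwise use a single-byte codec."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def triage_desktop_ini(raw: bytes):
    """Return (verdict, findings); findings are (reason, section, key, value)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    try:
        parser.read_string(decode_ini(raw))
    except configparser.Error as exc:
        # For example, keys that appear before any [section] header.
        return "unparseable", [("parse-error", "", "", str(exc))]
    findings = []
    for section in parser.sections():
        in_shell_class = section.lower() == ".shellclassinfo"
        for key, value in parser.items(section):  # keys arrive lower-cased
            if in_shell_class and key in DISPLAY_KEYS:
                continue
            is_clsid = in_shell_class and key in CLSID_KEYS
            reason = "clsid" if is_clsid else "not-allowlisted"
            findings.append((reason, section, key, value))
    return ("review" if findings else "display-only"), findings

# Constructed samples (not the file from the thread; IDs are placeholders).
SAMPLE_DISPLAY = (b"[.ShellClassInfo]\r\n"
                  b"LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-12345\r\n")
SAMPLE_CLSID = ("[.ShellClassInfo]\r\n"
                "CLSID={00000000-0000-0000-0000-000000000000}\r\n").encode("utf-16")

if __name__ == "__main__":
    for name, sample in (("display", SAMPLE_DISPLAY), ("clsid", SAMPLE_CLSID)):
        print(name, triage_desktop_ini(sample))
```
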

