General discussion
-
Topic
-
Suspicious files
LockedOn a routine check of a client’s Win2K Server, I found the following files in the root of C:.
superrofl.exe, info.exe, root.exe, shell.exe, and http://ftp.txt. The txt file contained the following text:
open ur momma
bye
get CDIR.txt c:\CDIR.txtI have removed the files from the system (but kept copies). I have found no information on any attack or exploit along these lines. I was interested if anyone had information or suggestions for any other checks I should do.