+ Post New Thread
Results 1 to 10 of 10
Windows Thread, wierd things happening to teachers user areas in Technical; their desktop /user areas seem to be full of shorcuts that look likle their documents rather than the docs themselves ...
  1. #1


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,919
    Thank Post
    231
    Thanked 900 Times in 775 Posts
    Rep Power
    303

    wierd things happening to teachers user areas

    their desktop /user areas seem to be full of shorcuts that look likle their documents rather than the docs themselves the shortcut looks something like

    C:\Windows\system32\cmd.exe /C start cmd.exe /C if exist "..\Documents\My Music\iTunes\iTunes Media\Music\uVXUA.pYXN" start "" "..\Documents\My Music\iTunes\iTunes Media\Music\uVXUA.pYXN" && start "" "What can I see la.docx" the old files are all there but hidden

    any ideas

    it also seems to of done something slightly odd to server i have permissions to users$ but on the server (and only the server) i cant get into the folder (its like uac is turned on but its not)
    Last edited by sted; 5th December 2012 at 12:52 PM.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Virus on the end users machine.

  3. #3


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,919
    Thank Post
    231
    Thanked 900 Times in 775 Posts
    Rep Power
    303
    Quote Originally Posted by Geoff View Post
    Virus on the end users machine.
    sophos says no (not that i trust sophos but its what ive got)

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    I'd run something else as well across it. Spybot or Malwarebytes are pretty good. Also upload that 'uVXUA.pYXN' file to VirusTotal and see what it comes back with.

  5. #5


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,919
    Thank Post
    231
    Thanked 900 Times in 775 Posts
    Rep Power
    303
    Quote Originally Posted by Geoff View Post
    I'd run something else as well across it. Spybot or Malwarebytes are pretty good. Also upload that 'uVXUA.pYXN' file to VirusTotal and see what it comes back with.
    the file dosent exist as far as i can see

    sophos did find cxmal/badlink-a on the server as im running a full scan now

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    It might be that sophos cleaned it up then but didn't repair the shortcuts?

  7. #7


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,919
    Thank Post
    231
    Thanked 900 Times in 775 Posts
    Rep Power
    303
    Quote Originally Posted by Geoff View Post
    It might be that sophos cleaned it up then but didn't repair the shortcuts?
    not according to the log its found squat the server found it when i vulk shifted every .lnk file to a temp folder for later perusal

  8. #8


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,919
    Thank Post
    231
    Thanked 900 Times in 775 Posts
    Rep Power
    303
    looking further back in the multitude of logs it has found a few issues ffs id love to get hold of the @}{*'s who write viruses

  9. #9

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,850
    Thank Post
    110
    Thanked 598 Times in 514 Posts
    Blog Entries
    1
    Rep Power
    227
    Are you sure about that? The Russian maffia aren't very nice people.

  10. #10


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,919
    Thank Post
    231
    Thanked 900 Times in 775 Posts
    Rep Power
    303
    Quote Originally Posted by Geoff View Post
    Are you sure about that? The Russian maffia aren't very nice people.
    tbh i reckon as many are written by av firms as not keeps them in proffit



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 1st December 2010, 10:21 AM
  2. Moving User areas from one server to another
    By sarchs in forum Windows Server 2000/2003
    Replies: 7
    Last Post: 17th May 2010, 01:33 PM
  3. Replies: 23
    Last Post: 26th January 2010, 03:55 PM
  4. Mapping to user area on win2003 cc3
    By rama1712 in forum Windows
    Replies: 0
    Last Post: 18th February 2008, 11:37 AM
  5. Copying user areas to a new Server
    By fawkers in forum Windows
    Replies: 10
    Last Post: 2nd August 2007, 11:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •