name  8nl$re~1type app/octet-stream encod:base64 ?

Discussion in 'malware problems & news' started by david, Feb 17, 2002.

Thread Status:
Not open for further replies.
  1. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Hello All, nice new web site. I have something lodged in the top of my C drive. The first below the c:\ drive, it reads C:\_D78ez_1. What is it? It will not delete; trojan check5 will not help. I have been reading from the old site as well as the new site. I know that you guys are very sharp, please help me. Thank you, David! :'(
     
  2. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hello, All. When I posted, which was my first, yes I am a noob. I forgot to say that my PC was protected by Zone Alarm, also EZtrust anti virus which when this problem was discovered. I remember running EZtrust in January 02; it found and isolated 7 infected files and I deleted them. Then a couple of days later I discovered this, whatever it is, at the top of my hierarchy, the first file at the top at c:\ drive. If you guys can help I would be very thankful. David :rolleyes:
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi, david!

    What have you scanned your computer with since you've noticed this?

    Have you tried simply deleting it? Pete
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi David,

    Glad you like the new board   ;)

    In addition to Pete's question:

    At first glance, it seems to me you are still running EZtrust? Looking at this..

    indicates to EZtrust. If my first assumption is a correct one, the fact you cannot delete it would be caused by the fact, EZTrust is a running app while trying to delete - and that will not work.

    I suggest starting your system up in the Safe Mode, and try to delete once more. Reboot as usual.

    Keep us posted!


    regards,

    paul  
     
  5. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Paul, hello. I have tried to delete this thing on my C drive, also have tried to do a reform and recovery with the factory disc. I have thought of going to regedit and trying to delete the string. I have tried under all conditions to delete this string of #C:\{D78E2280-A20C-11D3-9D0A-88BE10417171}; that is it when I highlight it and copy and paste from the address bar verbatim. I saw that my CD-ROM is one level below this string; is that why my factory reform\recovery disc won't work? The strange thing is my CD burner still works. I have had nimda and small time virus before but nothing like this. What do you all think? Thanks, David
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi david,

    Before answering your questions:

    - Is my presumption correct, you are using EZtrust resident running?

    - Did you boot into the Safe Mode and actually try to delete from there?

    - Finally: What Operating System has been installed/are you using?

    regards.

    paul
     
  7. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi Paul, I was using EZTRUST and took it off, then tried Panda anti virus, then tried The Cleaner with F-Prot; now I have Vi robot with Zone Alarm. This trojan, virus or worm has been with me for a month. Now that I am messing with it, my PC (AMD K6-2 500 MHz, 20 gig HD) is acting real funny, just in the last two days. The more I try to budge this, let's say virus, the more the PC acts up. I ran scan disc, then the defrag ran really fast. I have not tried to delete in safe mode until you know more. I have Windows 98 2nd edition. Thanks, David
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: name  8nl$re~1type app/octet-stream encod:base

    David - basic questions:
    Have you for sure checked Add/Remove Programs tab to see if anything relating to EZ is in there that you might still be able to un-install? Or for any other programs that might relate to the problem (programs you don't recognize/no longer use)?

    Have you checked C/A/D list for unfamiliar program listings (or one that relates to either the EZ AV or firewall program)?

    If you have, and yet don't see anything running there related to your problem: Have you got a process-monitoring program on board there, something like
    TaskInfo2000
    or ProcessExplorer from Sysinternals?
    How about Jammer?
    The Cleaners' TCMonitor?
    Agnitums' TauScanMonitor?


    Something that will actually show you all the processes that are running when your computer is on?

    If nothing else, go Start/Programs/Accessories/System Tools/System Information. Click on the 'Software Environment' plus sign to branch out the tree, then click on 'StartUp Programs' and examine them for anything relating to EZ-anything. (You can't kill a running process from the Startup Programs screen, that's why I'm trying to find out if you have one of the others which will kill a running process, should you find one relating to your problem).

    Sounds a lot like an incomplete install of a program to me, but we'll know more when you check this other stuff out, first. Pete

    If you can kill it, you can delete it
     
  9. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hello all. Well, my little brother finally admitted opening an attachment; it was 9:30 our time, 4:30 am your time. He said it was when he was opening jokes on my email, in December. He has seen me poring over my PC, so now I know that I have something that might be dormant on my PC. I am on my lunch break, will be home at 4 pm, 10 pm your time. I downloaded TaskInfo 2000 for system running checks, also uninstalled all things that are needed to run the PC down to bare bones. I think EZtrust anti virus deleted the file of the email ext. but it is still at the top of my C:\ drive hierarchy. First thing you see is Desktop/ My Computer/ floppy drive/ C:\ drive, then this program at the top above my CD-ROM drive. I cannot delete or do a total recovery reformat. Got to go back to work, cya. David
     
  10. FanJ

    FanJ Guest

    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi David,

    I suggest this:

    1.
    Go to http://www.wilders.org/downloads.htm
    And download the file called pqremove.com.
    This is the Panda Quick Remover. It will search your system for 25 'famous' viruses and if found, it will clean your system from them.
    Install this program.
    Reboot. Run it. Reboot. Run it again.

    2.
    Go to http://housecall.antivirus.com/

    And do an online virusscan.

    3.
    Go to http://www.nod32.com/
    And download and install the trial version of the anti-virus-program NOD32.
    Disable the anti-virus-program which you are running now.
    Update NOD32 so you have the latest virus-definitions.
    Do a full system scan with NOD32, as deep as possible.

    4.
    Go to http://www.wilders.org/downloads.htm

    And download the trial version of the anti-Trojan-program TDS-3.
    Look at that page for tds-3.exe
    If I was reading your posting right, you do not have at the moment an anti-Trojan-program installed; if you have such a program installed at the moment, disable it.
    Install TDS-3.
    Update TDS-3 so you have the latest definitions.
    Do a full system scan with TDS-3 as deep as possible.
    If you do not understand how to set TDS-3 up, please ask!


    Please let us know how all this scanning went, and what was found.

    5.
    You wrote that you use ZoneAlarm.
    Is that the freeware version ZA?
    Do not give any program server rights.
    Could you give us a list of all the programs that are listed in the program-tab of ZA?
    Are there any suspicious programs there?
    If you think there is a suspicious program that was given access to the internet, just block it!
    But please, if possible, make a list of all the programs there and post it.

    6.
    If possible, please copy/paste a list shown by TaskInfo2002 of all the running applications.
    It is the list at the left panel of TaskInfo2002.

    7.
    There is a thing in your posting that I do not completely understand and that we have to find out:
    You wrote:

    Am I right when I assume that you are using Outlook Express?

    I also run W98SE.
    I also run Outlook Express.
    I also have a map like that one {   } but with other characters and numbers.
    That we have different characters/numbers here, is normal.
    But I have this map on a completely different place!
    On my system it is placed here:
    C:\WINDOWS\Application Data\Identities\
    That map {   }  contains this on my system:
    Microsoft\Outlook Express\ and that latest map contains all the .dbx files (like your IN and OUT box) and a file called cleanup.log.

    Could you tell us whether you also have that on your system like I have?


    Do not worry, in a joint effort we will solve your problem!
    If you have any questions about any thing I wrote above, please ask!

    Best regards, Jan.
     
  11. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hello Jan, I went to wilders.org and downloaded The Cleaner & updates. When I ran it an alarm went off. It said something like it is detecting something in the registry changing. Do you want to continue? I answered yes. As far as finding trojans, it came up 0. I use Opera, IE 6.0, Netscape for email, mostly Yahoo. I deleted Outlook Express 1 year ago for viral fear. I am starting what you said to do. Have you ever seen something at the top of your C: drive that won't delete, will not be moved? This is a lesson for me. Thanks, David
     
  12. FanJ

    FanJ Guest

    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi David,

    Could you post the logfile of The Cleaner?

    If you have The Cleaner opened, File > View Logfile.
     
  13. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    4279194757 KERNEL32.DLL    C:\WINDOWS\SYSTEM\KERNEL32.DLL                               Win32 Kernel core component
    4294927153 MSGSRV32.EXE    C:\WINDOWS\SYSTEM\MSGSRV32.EXE                               Windows 32-bit VxD Message Server
    4294907297 MPREXE.EXE      C:\WINDOWS\SYSTEM\MPREXE.EXE                                 WIN32 Network Interface Service Process
    4294911945 VSMON.EXE       C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE                         TrueVector Service      
    4294935509 MINILOG.EXE     C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE                       TrueVector Basic Alert Logger
    4294943433 MSGLOOP.EXE     C:\WINDOWS\SYSTEM\MSGLOOP.EXE                                Rockwell WaveStream Message Server
    4294868057 MSG32.EXE       C:\WINDOWS\SYSTEM\MSG32.EXE                                  Rockwell WaveStream Message Server
    4294864517 mmtask.tsk      C:\WINDOWS\SYSTEM\mmtask.tsk                                 Multimedia background task support module
    4294872365 EXPLORER.EXE    C:\WINDOWS\EXPLORER.EXE                                      Windows Explorer        
    4278308341 DIRECTCD.EXE    C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE                       DirectCD Application    
    4278304329 TCA.EXE         C:\PROGRAM FILES\THE CLEANER\TCA.EXE                         The Cleaner Active Process Monitor
    4278211169 AMON.EXE        C:\PROGRAM FILES\ESET\AMON.EXE                                                        
    4278209701 POP3SCAN.EXE    C:\PROGRAM FILES\ESET\POP3SCAN.EXE                                                    
    4278219125 NOD32CC.EXE     C:\PROGRAM FILES\ESET\NOD32CC.EXE                                                    
    4278195089 ZONEALARM.EXE   C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE           ZoneAlarm                
    4294888521 IEXPLORE.EXE    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE              Internet Explorer        
    4278424417 NOTEPAD.EXE     C:\WINDOWS\NOTEPAD.EXE                     :'(                   Windows Notepad application file
    There you go the cleaner log file David
     
  14. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: name  8nl$re~1type app/octet-stream encod:base

    David - That's what you got when you clicked on 'File' and then 'View Log' from the main screen of The Cleaner? Pete

    *I see, what you copied and pasted was the report of running processes from  the TCActive component of the program.

    Fire up the main screen of TC itself (open the program), then click on 'File', 'View Log' and copy and paste that, okay?
     
  15. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    [2/18/02 4:34:04 PM] Loading options
    [2/18/02 4:34:04 PM] *** Begin Session ***
    [2/18/02 4:34:05 PM] System Is Windows 98 (4.10 (2222. A ))
    [2/18/02 4:34:05 PM] Local Path: C:\PROGRAM FILES\THE CLEANER\
    [2/18/02 4:34:05 PM] System Directory: C:\WINDOWS\SYSTEM\
    [2/18/02 4:34:05 PM] Windows Directory: C:\WINDOWS\
    [2/18/02 4:34:16 PM] Load Database
    [2/18/02 4:34:20 PM] Examining drives
    [2/18/02 4:34:20 PM] a:\
    [2/18/02 4:34:20 PM] c:\ HP_PAVILION
    [2/18/02 4:34:20 PM] m:\
    [2/18/02 4:34:37 PM] Beginning Scan
    [2/18/02 4:34:37 PM] Scanning active memory...
    [2/18/02 4:34:37 PM] Active memory scan complete.
    [2/18/02 4:34:37 PM] File Count for Drive c
    [2/18/02 4:34:49 PM] Estimated file count is 22055
    [2/18/02 4:34:49 PM] Scanning Drive c
    [2/18/02 4:49:21 PM] Final file count: 29344
    [2/18/02 4:49:21 PM] Scan Complete
    [2/18/02 4:53:53 PM] *** End Session ***
    [2/18/02 4:54:02 PM] Loading options
    [2/18/02 4:54:02 PM] *** Begin Session ***
    [2/18/02 4:54:02 PM] System Is Windows 98 (4.10 (2222. A ))
    [2/18/02 4:54:02 PM] Local Path: C:\PROGRAM FILES\THE CLEANER\
    [2/18/02 4:54:03 PM] System Directory: C:\WINDOWS\SYSTEM\
    [2/18/02 4:54:03 PM] Windows Directory: C:\WINDOWS\
    [2/18/02 4:54:24 PM] Load Database
    [2/18/02 4:54:30 PM] Examining drives
    [2/18/02 4:54:30 PM] a:\
    [2/18/02 4:54:30 PM] c:\ HP_PAVILION
    [2/18/02 4:54:30 PM] m:\
    [2/18/02 4:54:55 PM] *** End Session ***
    [2/18/02 5:49:43 PM] Loading options
    [2/18/02 5:49:43 PM] *** Begin Session ***
    [2/18/02 5:49:44 PM] System Is Windows 98 (4.10 (2222. A ))
    [2/18/02 5:49:44 PM] Local Path: C:\PROGRAM FILES\THE CLEANER\
    [2/18/02 5:49:44 PM] System Directory: C:\WINDOWS\SYSTEM\
    [2/18/02 5:49:44 PM] Windows Directory: C:\WINDOWS\
    [2/18/02 5:49:49 PM] Load Database
    [2/18/02 5:49:58 PM] *** End Session ***
    [2/18/02 5:50:12 PM] Loading options
    [2/18/02 5:50:12 PM] *** Begin Session ***
    [2/18/02 5:50:12 PM] System Is Windows 98 (4.10 (2222. A ))
    [2/18/02 5:50:12 PM] Local Path: C:\PROGRAM FILES\THE CLEANER\
    [2/18/02 5:50:12 PM] System Directory: C:\WINDOWS\SYSTEM\
    [2/18/02 5:50:12 PM] Windows Directory: C:\WINDOWS\
    [2/18/02 5:50:18 PM] Load Database
    [2/18/02 5:50:23 PM] *** End Session ***
    [2/18/02 5:50:44 PM] Loading options
    [2/18/02 5:50:44 PM] *** Begin Session ***
    [2/18/02 5:50:45 PM] System Is Windows 98 (4.10 (2222. A ))
    [2/18/02 5:50:45 PM] Local Path: C:\PROGRAM FILES\THE CLEANER\
    [2/18/02 5:50:45 PM] System Directory: C:\WINDOWS\SYSTEM\
    [2/18/02 5:50:45 PM] Windows Directory: C:\WINDOWS\
    [2/18/02 5:50:48 PM] Load Database
    [2/18/02 5:50:55 PM] *** End Session ***
    [2/19/02 11:26:51 AM] Loading options
    [2/19/02 11:26:51 AM] *** Begin Session ***
    [2/19/02 11:26:51 AM] System Is Windows 98 (4.10 (2222. A ))
    [2/19/02 11:26:51 AM] Local Path: C:\PROGRAM FILES\THE CLEANER\
    [2/19/02 11:26:51 AM] System Directory: C:\WINDOWS\SYSTEM\
    [2/19/02 11:26:51 AM] Windows Directory: C:\WINDOWS\
    [2/19/02 11:27:02 AM] Load Database
    [2/19/02 11:27:08 AM] Examining drives
    [2/19/02 11:27:08 AM] a:\
    [2/19/02 11:27:08 AM] c:\ HP_PAVILION
    [2/19/02 11:27:08 AM] m:\
    [2/19/02 11:30:01 AM] Beginning Scan
    [2/19/02 11:30:01 AM] Scanning active memory...
    [2/19/02 11:30:04 AM] Active memory scan complete.
    [2/19/02 11:30:04 AM] File Count for Drive c
    [2/19/02 11:30:18 AM] Estimated file count is 22276
    [2/19/02 11:30:18 AM] Scanning Drive c
    [2/19/02 11:48:42 AM] Final file count: 29586
    [2/19/02 11:48:42 AM] Scan Complete
    Hello spy1, here is the log, ran just now. You say if you can't kill it delete it. I would be happy to delete it. I think that EZtrust killed it, now I want to delete it. I ran my recover/reformat disc 3 days before my so-called friend sent this attachment to me; now the recovery disc will not launch? Do you think that could help me? I have taken the day off to work on this, please help me get rid of this 8nl$rewcz, it sure is anal screws. I will keep watch for your reply. Do we have any recourse on someone who sends a damaging attachment intended to harm one's system? David
     
  16. FanJ

    FanJ Guest

    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi David,

    So, The Cleaner did not find anything, is that right?

    I saw you have now NOD32 on your system.
    I guess you updated it to the latest definitions and did a full system scan as deep as possible.
    What was the result?

    Did you also run the Panda Quick Remover?
    What was the result?

    Is there perhaps a logfile on your system from EZtrust that mentions what was exactly found?


    Maybe you could also try a full system scan by KAV or KAV Lite.
    These are able to scan in stored emails.


    Do you remember how you deleted Outlook Express?
    Were you using a program for that deleting? If so, which one?


    My English is not that very good, so please explain to me what you did mean by that (I'm really sorry!).
     
  17. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    (ð#§ ‘ýÙª!Ò:Z2dœK
    £uíÁøfðLŽÔ°t$IOeßLD³²A ô#¶hÚ®ÉïhC|œB›ò¼ÐüáYfåeƒýݸè
    FX,$«c¤’—ùÐñŠäg‘¾öÀÝC 0lðaƒýÛ¶AX(Ý[„Þ®1
    9 +hè[D©•’ÃøH hèd>üêm+
    >Pñ_æ\>Úª+ûNSkßbD©•’ÃíC fð ›÷¹ÜÑãC‚hÚ»ÖöY&fåeƒýݸ*Ò:U¸!ªå»Ñ
    This is the flag you click on that said open with; I chose Notepad. That spawned after the attachment opened. Can anybody figure this out? I have tried under all conditions to delete this string of #C:\{D78E2280-A20C-11D3-9D0A-88BE10417171}; that is it when I highlight it and copy and paste from the address bar verbatim. What I meant was that was how it read on my C drive. Also I am looking for my old EZ trust log for you to look at. David
     
  18. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

                 ª!Ò:Z2dœK
    £uíÁøfðLŽÔ°t$IOeßLD³²A ô#¶hÚ®ÉïhC|œB›ò¼ÐüáYfåeƒýݸè
    FX,$«c¤’—ùÐñŠäg‘¾öÀÝC 0lðaƒýÛ¶AX(Ý[„Þ®1
    9 +hè[D©•’ÃøH hèd>üêm+
    >Pñ_æ\>Úª+ûNSkßbD©•’ÃíC fð ›÷¹ÜÑãC‚hÚ»ÖöY&fåeƒýݸ*Ò:U¸!ªå»ÑñPRIVACYMAKER               C:\Program Files\ESET\$DWNLD$.TMP
    I was looking for the EZ trust log when I noticed the author of this bug, worm, or whatever; all my program files have the $ sign in them and he signed the thing "privacymaker". I am trying to put all I can to help you guys to identify what this is. David. FAN J., I deleted Outlook Express everywhere I could find on the PC, except the registry. David
     
  19. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Re: name  8nl$re~1type app/octet-stream encod:base

    If you still have the file, feel free to email it to me directly for a closer inspection.
     
  20. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: name  8nl$re~1type app/octet-stream encod:base

    David - Are you now, or have you ever, d/l'ed and run the PRIVACYMAKER program?

    Is there an Add/Remove Programs entry for it? If you have it and you're not using it, un-install it (if possible).

    Please note and respond to what I asked in a previous post: "Have you for sure checked Add/Remove Programs tab to see if anything relating to EZ is in there that you might still be able to un-install? Or for any other programs that might relate to the problem  (programs you don't recognize/no longer use)?" Pete
     
  21. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hello Paul, Jan, spy1 & the rest of the admins' crew. Paul asked me to email the little disease to him, done. Jan, you asked if I have ever had privacy maker? I do not know what it is, so I have never had it. I checked all over in find file folders for any remnants of EZtrust logs or anything. The uninstaller must do a great job, 'cause it's gone. I hope there is enough of that extension left for Paul to disassemble it and see what it is. I spoke to a guy and he said that the Norton2001 disc would wedge all that stuff out. I will not do anything till you guys tell me to. This is the only PC I have. Thank you, David
     
  22. FanJ

    FanJ Guest

    Re: name  8nl$re~1type app/octet-stream encod:base

    Hi David,

    What "Norton2001 disc " are you talking about?
    There are lots of Norton-programs from Symantec, so.....? I'm in the dark..........
    I guess you are talking about Norton Utilities or Norton Works?

    I hope your PC is doing a bit better.
     
  23. david

    david Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    20
    Re: name  8nl$re~1type app/octet-stream encod:base

    Hello Paul, Jan, zen. I left you guys a general note last night. I tried to install Norton Symantec2002 anti virus last night. Well, the next thing you know "the sleeping bear" was awakened. Paul is dissecting it to see what it is. So when the install went south, even after uninstalling all other virus utilities, the PC was limping like a ship on a mad sea. I really felt like that last forum post would be my last on this PC. Nothing was working, warnings were popping up, yada yada. So I tried again to use my recover/reformat, to no avail. The phone rang; a friend in Seattle said to me, what's going on? I told him. He asked if I knew anybody with a win98se recovery disc. Yes I do, with total diff drivers, so I put it in the CD-ROM drive and the thing overrode my system and started the recover/inflation. When it was finished I looked at the monitor and the system was like a kids' play store look. I placed my factory recover/reformat disc and much to my amusement it worked! Now everything works again like when it was new. When I run the updated Norton, at the end at the 96% finished mark I get a warning flag.
    NAVW32 caused an invalid page fault in
    module CABINET.DLL at 0187:75a04378.
    Registers:
    EAX=05fb2530 CS=0187 EIP=75a04378 EFLGS=00010202
    EBX=ffffffff SS=018f ESP=00bbdd20 EBP=00bbdd50
    ECX=0000000d DS=018f ESI=0000000e FS=4707
    EDX=05fb2585 ES=018f EDI=00bbdd2e GS=0000
    Bytes at CS:EIP:
    8a 08 88 0a 8b 15 fc 07 a1 75 88 0a ff 05 fc 07
    Stack dump:
    00000030 75a04b4f 7801000e 00000055 00cd05d4 00000000 00000000 7801000e 00dc8c80 0aa004ec 00cd0ac0 0000000c 00bbdd70 75a0445b 00bbddb4 75a031d4
    So what does this mean? Just when I thought everything was fine. Thank you, DaviD :rolleyes:
     
  24. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Re: name  8nl$re~1type app/octet-stream encod:base

    HOW TO DELETE THE FILE:

    -Open a command prompt

    -While in the C:\ directory run this command w/out quotes "dir/a>output.txt"

    -Open output.txt in the DOS Editor, the command is "edit"(DO NOT USE NOTEPAD!!) from the command prompt, and you will see a line like:
    "8n|$re~1 time/date size XXXXXXXX"(XXXXXXXX will be the real dos name of the file!)

    -Now copy just the real name, and make a new file called garbage.bat  To cover your bases you need to make a couple lines in the file:

    attrib XXXXXXXX -r -s -h
    rename XXXXXXXX garbage

    -Save garbage.bat, and run it from C:\ where you have been working this entire time by just putting w/out quotes "garbage" in the command line.  That file should now appear as garbage, and you can do whatever you want with it......

    If you have trouble understanding these directions you will need to send me a screen shot of the real name of the file, or the output.txt file zipped so I can create the batch file for you.
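
    The steps in the post above, worked through as an added example that is not part of the original thread or any poster's code: it reads a saved `dir /a` listing, finds the 8.3 alias that belongs to one long name, and builds the two lines for garbage.bat. The listing is constructed, its column layout (alias on the left, long name on the right) is an assumption about Windows 98's `dir` output, and the function names are hypothetical.

```python
import re

# Constructed `dir /a` listing for the root of C: (not taken from the thread).
# The column layout, 8.3 alias on the left and long name on the right, is an
# assumption about Windows 98; only the brace-named folder and the volume
# label come from the thread, the {D78E2~1 alias is made up for the sample.
SAMPLE_LISTING = """\
 Volume in drive C is HP_PAVILION
 Directory of C:\\

IO       SYS       222,390  04-23-99 10:22p IO.SYS
COMMAND  COM        93,890  04-23-99 10:22p COMMAND.COM
WINDOWS        <DIR>        01-05-02  3:14p WINDOWS
{D78E2~1       <DIR>        01-20-02  9:41a {D78E2280-A20C-11D3-9D0A-88BE10417171}
PROGRA~1       <DIR>        01-05-02  3:20p Program Files
         2 file(s)        316,280 bytes
"""

# One directory entry: alias name, optional alias extension, size or <DIR>,
# date, time, then the long name (which may contain spaces).
ENTRY = re.compile(
    r"^(?P<name>\S{1,8})\s+(?:(?P<ext>\S{1,3})\s+)?"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<date>\d{2}-\d{2}-\d{2})\s+(?P<time>\d{1,2}:\d{2}[ap])"
    r"(?:\s+(?P<long>.+))?$"
)


def parse_dir_listing(text):
    """Return one dict per entry; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        alias = m["name"] + ("." + m["ext"] if m["ext"] else "")
        entries.append({
            "alias": alias,                      # the name DOS commands accept
            "is_dir": m["size"] == "<DIR>",
            "long": m["long"] or alias,          # the name Explorer displays
        })
    return entries


def build_batch(entries, long_name, new_name="garbage"):
    """Build the attrib/rename lines for exactly one entry, or refuse."""
    hits = [e for e in entries if e["long"].lower() == long_name.lower()]
    if len(hits) != 1:
        # Zero or several matches: do not guess which entry to touch.
        raise ValueError(f"expected one match for {long_name!r}, got {len(hits)}")
    if any(e["alias"].lower() == new_name.lower() for e in entries):
        raise ValueError(f"{new_name!r} already exists in this directory")
    alias = hits[0]["alias"]
    # Same two commands as in the post: clear read-only/system/hidden, rename.
    return [f"attrib {alias} -r -s -h", f"rename {alias} {new_name}"]


if __name__ == "__main__":
    listing = parse_dir_listing(SAMPLE_LISTING)
    target = "{D78E2280-A20C-11D3-9D0A-88BE10417171}"
    print("\n".join(build_batch(listing, target)))
```

    Matching on the full long name and refusing anything but a single hit keeps the generated batch file from clearing attributes on a system file such as IO.SYS by mistake.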
     
  25. zappa

    zappa Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    176
    Location:
    Los Angeles, Ca.
    Re: name  8nl$re~1type app/octet-stream encod:base

    Mr. Paranoid here.  

    I saw the reference above to the dollar sign $.

    I have seen that in my environmental settings through TDS.  


    TMP=C:\WINDOWS\TEMP
    TEMP=C:\WINDOWS\TEMP
    PROMPT=$p$g
    winbootdir=C:\WINDOWS
    PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
    COMSPEC=C:\WINDOWS\COMMAND.COM
    windir=C:\WINDOWS
    BLASTER=A220 I5 D3 T4



    It shows up in Prompt.   I'm sure it is normal as all of my previous issues have been but humor me, please.  Is that normal?  

    Thanks.
     