Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
1,481 Posts
Discussion Starter #1
Where do you put the login scripts (what folder) or on the profile tab under user properties do you just point the path in the logon script line to the .bat file
 

·
Premium Member
Joined
·
1,611 Posts
Doonz,
they are usually located in \\PDC\netlogon share which shares the directory of c:\winnt\system32\repl\import\scripts directory..

..going back to your previous post..you've listed a file on there called tftp879.exe... Backdoornthack actually "phones home" to a host and downloads components so I think that might be a part of it...microsofts explanation is that the virus downloads the file called Dl.exe and runs install routine and installs a folder in hidden folder in C:\Winnt\System32\Os2\ folder ...You can also look in your process list for processes listed in ALL CAPS.. I would also recommend changing admin pwd. because its most likely they are stolen by now and ready to ship out....
I will keep up with this thread and keep an eye on new things for ya...
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top