pcalvert Posted July 12, 2006

A friend told me that his sister's computer got really messed up after she opened an email containing a bunch of cute pictures. His sister's computer has Windows ME on it, and she is using Pegasus Mail and Firefox. Based on emails I have exchanged with her in the past, I doubt that her OS or software were updated regularly. I even contacted her about six months ago to warn her about a vulnerability that was found in Pegasus Mail, but she didn't seem too concerned and indicated that she wasn't sure whether she would bother to upgrade to the latest version.

Anyway, my friend claims that the malware renamed the System32 folder to System3r and then created a new System32 folder and was populating it with various legitimate-looking drivers. Of course, my friend is guessing about what happened. But if he's right, then the files in the new System32 folder have most likely been "trojanized" in some way.

Here's what I am wondering: Are there any legitimate processes or mechanisms within Windows ME that could be responsible for the System32 folder being renamed to "System3r"? Although my friend's speculation about what happened may be correct, I'd prefer not to jump to any conclusions.

Phil

Petr Posted July 12, 2006

Quick Google search shows nothing, so there is very low probability that it is something known.

I have one idea - the binary representations of these characters are very similar:

2 = 32 in hex = 0011 0010 in binary.
r = 72 in hex = 0111 0010 in binary.

So just one bit difference.

I'd guess on some hardware problem, either with disk (or cable) or with memory.

Petr

LLXX Posted July 12, 2006

> Quick Google search shows nothing, so there is very low probability that it is something known.
>
> I have one idea - the binary representations of these characters are very similar:
>
> 2 = 32 in hex = 0011 0010 in binary.
> r = 72 in hex = 0111 0010 in binary.
>
> So just one bit difference.
>
> I'd guess on some hardware problem, either with disk (or cable) or with memory.
>
> Petr

You're not the only one to notice that. Definitely a bit flipped on the disk, right in the middle of the directory entry filename... I'd say do a backup and perform read/write testing on the drive.

What an interesting coincidence indeed.

Edited July 12, 2006 by LLXX
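
The single-bit comparison discussed in the replies above, generalized to a whole directory listing. This is an added example, not code from any poster in the thread; the function names, the expected-name list and the sample listing are constructed for illustration, and names are compared as single-byte ASCII without case folding.

```python
def bit_diffs(expected: str, observed: str):
    """Return [(char_index, bit_index)] for every differing bit, or None
    when the lengths differ (a flipped bit cannot change a name's length).
    Bit 0 is the least significant bit of the character."""
    # UTF-8 matches the stored byte values only for plain ASCII names.
    a, b = expected.encode("utf-8"), observed.encode("utf-8")
    if len(a) != len(b):
        return None
    diffs = []
    for i, (x, y) in enumerate(zip(a, b)):
        delta = x ^ y  # set bits mark the positions that differ
        for bit in range(8):
            if (delta >> bit) & 1:
                diffs.append((i, bit))
    return diffs


def find_flip_candidates(expected_names, observed_names):
    """Report unexpected names that sit exactly one bit away from a name
    that should exist, as (expected, observed, (char_index, bit_index))."""
    expected = set(expected_names)
    hits = []
    for seen in observed_names:
        if seen in expected:
            continue  # name is legitimate as listed
        for want in expected_names:
            d = bit_diffs(want, seen)
            # No case folding here: folding changes the bit pattern.
            if d is not None and len(d) == 1:
                hits.append((want, seen, d[0]))
    return hits


# Constructed sample: names that should exist vs. names actually listed.
EXPECTED = ["System", "System32", "Command"]
LISTING = ["System", "System3r", "System32", "Command", "Temp"]

if __name__ == "__main__":
    for want, seen, (idx, bit) in find_flip_candidates(EXPECTED, LISTING):
        print(f"{seen!r} differs from {want!r} by bit {bit} of character {idx}")
```

A one-bit match is consistent with disk or memory corruption but does not by itself rule out a deliberate rename, so it is a reason to run the drive and memory tests suggested above rather than a conclusion.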