Trust is a weakness

[BladeRunner]

I had an interesting adventure today, exploration of windows. It is so~ full of surprises. For example, I found an uninstall file in the windows folder, and to my surprise, when I decided to find out what it might uninstall, I got the following message:

"You do not have sufficient permission to run this file"

This is interesting. I, the owner of this computer, am not allowed to undelete something, wtf. I tracked that program back to an .inf file with various tricks, and it's label was

Ethernet + Creditcard or something, and a bunch of code I admittedly do not understand. Very very interesting. then an .ini file with a lot of senseless characters, within, coded, only thing recognizable a four-digit number.

"Trust is a weakness". Indeed. Everyone who bothers to scan his C:\Windows\ folder will agree to that.

[Lord Samuel]

I would look at this carefully, possible trojan. Might just be a stupid program but I would check up on it if i was you. Something that the owner can't uninstall looks a bit dodge to me. Stupid cracker kids will dump stuff in the windoze folder to make ppl think it's meant to be there. Damn kids!

[BladeRunner]

Thanks for the warning, I have thought about this myself, but everything seems to be fine as much as I can tell. My personal guess is that it's some kind of spyware. Think it's time for

cd usr
delete
cd sys
delete
shutdown

[Enallyniv]

I like that, very well said.
And I think that sounds really weird. I'm going to browse my Windows folder tonight. Do you think it could be something Chris put into the game for us to find, maybe a test of our tracing skills? I haven't seen anything written about it... Hmmm... I'll keep you updated. Just to be safe, try running a virus scan on the file.

[AnthonyS]

If it cant be deleted, there is a 78% chance of it being a trojin.

[Deepsmeg]

Ethernet... Creditcard...
Is the system a laptop?

[BladeRunner]

AnthonyS: Tried to delete it and worked. Good advice anyway, thanks.

Deepsmeg: nope, no laptop.

[Deepsmeg]

Fair enough. If it was, it could have been a PCMCIA (Creditcard) Ethernet adapter.

[There is No Spoon]

You can get PCI cards for desktop computers which enable you to use PCMCIA devices.  But anyone with such a device would recognise the 'credit card' notation as refering to such device.

[Spectere_uplink]

Quote: from BladeRunner on 11:05 am on Jan. 27, 2003[br]I had an interesting adventure today, exploration of windows. It is so~ full of surprises. For example, I found an uninstall file in the windows folder, and to my surprise, when I decided to find out what it might uninstall, I got the following message:

"You do not have sufficient permission to run this file"

Sounds like it could be a piece of third party software that expects the administrator of an NT computer to be named "Administrator" (which is, as you can tell, poor coding).

This is interesting. I, the owner of this computer, am not allowed to undelete something, wtf.

In Windows NT (especially NT5, which is 2000 and XP) the operating system prevents you from doing things that might damage the system (or others that may gain access to the administrative account) so there is a good possibility that there will be things that you can't delete.

There is another user for NT systems (though you can't log into it normally) called SYSTEM that literally has full control of the machine.  Humans cannot access this account normally (system services can, however).

[Adriac]

"If it cant be deleted, there is a 78% chance of it being a trojan." And why not an essential system file you REALLY don't want to lose?

(Edited by Adriac at 1:27 am on Jan. 29, 2003)