@Nokia: Thanks a lot for the info. I was about to search about the '%comspec%' variable. The reason being: I mistyped %comspec% as %compsec%. Anyway, thanks a lot for the detailed analysis of the command (and thus the situation).
The thing that has me so mad is: how did the command get run in the first place?
Is this still a matter of social engineering the user to run it, or is it a drive-by?
:cool:
May I predict the use of an ActiveX control?
The second could, of course, be 'physical access'? Or maybe it is something done by another program which got into the machine (again, the question remains, though) just to issue that command?