
Thread: unknown cookie/file format??

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    233

    unknown cookie/file format??

    Last night I was cleaning up my win2k server at home and when I got to my "temporary internet files" directory I noticed a couple of really strange entries that I could not remove. They looked something like this:


    3811524@LocalSource1,LocalSource2,LocalSource3...

    a bit longer than that, but something along those lines. Now I know I can't remove them because they are using illegal characters (the @ and the commas) so I was wondering exactly how they were written to my machine in the first place. Also, I'm not real sure if these are illegal cookies, or just straight illegal files. I can't open them to look at them, but they appear to be cookies? They are also only 1kb in size.


    I was thinking that perhaps I had been compromised and I looked for the common 0-day directories and didn't find any. I also checked out my firewall's logs and my IDS system along with the local logs on that machine, so I don't think I'm really compromised, just that someone has found a way to put cookies on my machine without me having the ability to remove them. I like to think that I have my systems pretty well locked down, but you never know.


    I went through a hack about a year ago where one of the servers at my old work was hit with 0-day stuff and there were all kinds of illegal characters and illegal dirs on that machine that were near impossible to remove. I don't want to go through the same headache with this machine, so I was wondering if anyone had a quick and dirty way to remove them.

    Oh, rename doesn't work, and properties doesn't work. I THINK I may be able to get my hands on the POSIX stuff if I REALLY need it to remove those files, but I hope I don't. Thanks for the help.




    El Diablo

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    317
    Boot to a dos prompt, cd to the directory the "temporary internet files" folder is located in. Remove the "temporary internet files" folder with the deltree command. Reboot. Quick and dirty, but effective.

    Hope this helps. Regards.
    "I believe that you can reach the point where there is no longer any difference between developing the habit of pretending to believe and developing the habit of believing."

