Last night I was cleaning up my win2k server at home, and when I got to my "temporary internet files" directory I noticed a couple of really strange entries that I could not remove. They looked something like this:


3811524@LocalSource1,LocalSource2,LocalSource3...

A bit longer than that, but something along those lines. Now I know I can't remove them because they are using illegal characters (the @ and the commas), so I was wondering exactly how they were written to my machine in the first place. Also, I'm not real sure if these are illegal cookies, or just straight illegal files. I can't open them to look at them, but they appear to be cookies? They are also only 1kb in size.


I was thinking that perhaps I had been compromised, and I looked for the common 0-day directories and didn't find any. I also checked out my firewall's logs and my IDS system along with the local logs on that machine, so I don't think I'm really compromised, just that someone has found a way to put cookies on my machine without me having the ability to remove them. I like to think that I have my systems pretty well locked down, but you never know.


I went through a hack about a year ago where one of the servers at my old work was hit with 0-day stuff, and there were all kinds of illegal characters and illegal dirs on that machine that were near impossible to remove. I don't want to go through the same headache with this machine, so I was wondering if anyone had a quick and dirty way to remove them.

Oh, rename doesn't work, and properties doesn't work. I THINK I may be able to get my hands on the POSIX stuff if I REALLY need it to remove those files, but I hope I don't. Thanks for the help.




El Diablo