#1
delete "C:\Windows\*" ?
Hi

In the last few days I had a strange cmd prompt when logging in as the admin user. I was asked whether I want to delete "C:\Windows\*". I answered with "n" and after that all was normal.

As a test I logged off and in again, but it did not happen again. Since I had not been logged in as admin for a long time, I have no idea what the cause could be.

My system: Windows 7 Ultimate, 64 bit

Does anyone have an idea?
#2
On 11/4/2015 12:11 AM, ha wrote:
> Hi
> In the last few days I had a strange cmd prompt when logging in as the admin user. I was asked whether I want to delete "C:\Windows\*". I answered with "n" and after that all was normal.
> As a test I logged off and in again, but it did not happen again. Since I had not been logged in as admin for a long time, I have no idea what the cause could be.
> My system: Windows 7 Ultimate, 64 bit
> Does anyone have an idea?

I would suspect a virus or trojan may have sneaked onto your system. Time to back up the contents of the drive, just in case things get worse.

If it were me I'd be downloading and running the latest freeware versions of Malwarebytes and SuperAntiSpyware to start with.
https://www.malwarebytes.org/mwb-download/
http://www.superantispyware.com/supe...freevspro.html

The other thing I would be doing is checking to see who else had access to your machine that might have it in for you, like an angry employee or relative.

It is very easy to have written the code to treat anything you entered, be it "Y" or "N", as the go-ahead and try deleting things.

The entire episode could also be a prelude for someone planning to encrypt your files and hold them for ransom.
#3
"GlowingBlueMist" wrote in message ...
> On 11/4/2015 12:11 AM, ha wrote:
>> Hi
>> In the last few days I had a strange cmd prompt when logging in as the admin user. I was asked whether I want to delete "C:\Windows\*". I answered with "n" and after that all was normal.
>> As a test I logged off and in again, but it did not happen again. Since I had not been logged in as admin for a long time, I have no idea what the cause could be.
>> My system: Windows 7 Ultimate, 64 bit
>> Does anyone have an idea?
>
> I would suspect a virus or trojan may have sneaked onto your system. Time to back up the contents of the drive, just in case things get worse.
> If it were me I'd be downloading and running the latest freeware versions of Malwarebytes and SuperAntiSpyware to start with.
> https://www.malwarebytes.org/mwb-download/
> http://www.superantispyware.com/supe...freevspro.html
> The other thing I would be doing is checking to see who else had access to your machine that might have it in for you, like an angry employee or relative.
> It is very easy to have written the code to treat anything you entered, be it "Y" or "N", as the go-ahead and try deleting things.
> The entire episode could also be a prelude for someone planning to encrypt your files and hold them for ransom.

Years ago (probably close to 15 or more), there was a prank program going around that prompted you Y/N on whether you wanted to delete your Windows folder. No matter what you selected, it would show a "Y", then a window with "Deleting all files . . ." and would scroll a list of the files it was "deleting." In actuality, nothing was happening except the window showing the files as they were deleted. Seemed to be very prevalent around Halloween. Not very funny for us IT guys who were getting frantic calls from those who ran it.

--
SC Tom
#4
On 11/4/2015 6:03 AM, SC Tom wrote:
> "GlowingBlueMist" wrote in message ...
>> On 11/4/2015 12:11 AM, ha wrote:
>>> Hi
>>> In the last few days I had a strange cmd prompt when logging in as the admin user. I was asked whether I want to delete "C:\Windows\*". I answered with "n" and after that all was normal.
>>> As a test I logged off and in again, but it did not happen again. Since I had not been logged in as admin for a long time, I have no idea what the cause could be.
>>> My system: Windows 7 Ultimate, 64 bit
>>> Does anyone have an idea?
>>
>> I would suspect a virus or trojan may have sneaked onto your system. Time to back up the contents of the drive, just in case things get worse.
>> If it were me I'd be downloading and running the latest freeware versions of Malwarebytes and SuperAntiSpyware to start with.
>> https://www.malwarebytes.org/mwb-download/
>> http://www.superantispyware.com/supe...freevspro.html
>> The other thing I would be doing is checking to see who else had access to your machine that might have it in for you, like an angry employee or relative.
>> It is very easy to have written the code to treat anything you entered, be it "Y" or "N", as the go-ahead and try deleting things.
>> The entire episode could also be a prelude for someone planning to encrypt your files and hold them for ransom.
>
> Years ago (probably close to 15 or more), there was a prank program going around that prompted you Y/N on whether you wanted to delete your Windows folder. No matter what you selected, it would show a "Y", then a window with "Deleting all files . . ." and would scroll a list of the files it was "deleting." In actuality, nothing was happening except the window showing the files as they were deleted. Seemed to be very prevalent around Halloween. Not very funny for us IT guys who were getting frantic calls from those who ran it.

True, those did exist, and still do according to a Google search. Some of them were "smart" enough to only run on specific dates like Halloween or April 1.

Fortunately most decent anti-virus programs have their signatures on file and identify them quickly now.
#5
GlowingBlueMist wrote:
>> Years ago (probably close to 15 or more), there was a prank program going around that prompted you Y/N on whether you wanted to delete your Windows folder. No matter what you selected, it would show a "Y", then a window with "Deleting all files . . ." and would scroll a list of the files it was "deleting." In actuality, nothing was happening except the window showing the files as they were deleted. Seemed to be very prevalent around Halloween. Not very funny for us IT guys who were getting frantic calls from those who ran it.
>
> True, those did exist, and still do according to a Google search. Some of them were "smart" enough to only run on specific dates like Halloween or April 1.

Such programs even existed on the Amiga a long time ago.

The reason for my question here is whether it is possible that the cause could be some sort of badly programmed uninstaller etc. Why did I have to log into my admin account? In my standard user account it did not happen.

Btw: I scan with Malwarebytes several times a week.
#6
On 11/4/2015 8:45 AM, ha wrote:
> GlowingBlueMist wrote:
>>> Years ago (probably close to 15 or more), there was a prank program going around that prompted you Y/N on whether you wanted to delete your Windows folder. No matter what you selected, it would show a "Y", then a window with "Deleting all files . . ." and would scroll a list of the files it was "deleting." In actuality, nothing was happening except the window showing the files as they were deleted. Seemed to be very prevalent around Halloween. Not very funny for us IT guys who were getting frantic calls from those who ran it.
>>
>> True, those did exist, and still do according to a Google search. Some of them were "smart" enough to only run on specific dates like Halloween or April 1.
>
> Such programs even existed on the Amiga a long time ago.
> The reason for my question here is whether it is possible that the cause could be some sort of badly programmed uninstaller etc. Why did I have to log into my admin account? In my standard user account it did not happen.
> Btw: I scan with Malwarebytes several times a week.

I seriously doubt it was an accident. No qualified programmer would include a string of code like that unless it was meant to cause problems. Too many chances for things to go wrong.

As for the admin account, the software author must have thought the program would have a better chance of messing up the system from there.
#7
GlowingBlueMist wrote:
> On 11/4/2015 8:45 AM, ha wrote:
>> GlowingBlueMist wrote:
>>>> Years ago (probably close to 15 or more), there was a prank program going around that prompted you Y/N on whether you wanted to delete your Windows folder. No matter what you selected, it would show a "Y", then a window with "Deleting all files . . ." and would scroll a list of the files it was "deleting." In actuality, nothing was happening except the window showing the files as they were deleted. Seemed to be very prevalent around Halloween. Not very funny for us IT guys who were getting frantic calls from those who ran it.
>>>
>>> True, those did exist, and still do according to a Google search. Some of them were "smart" enough to only run on specific dates like Halloween or April 1.
>>
>> Such programs even existed on the Amiga a long time ago.
>> The reason for my question here is whether it is possible that the cause could be some sort of badly programmed uninstaller etc. Why did I have to log into my admin account? In my standard user account it did not happen.
>> Btw: I scan with Malwarebytes several times a week.
>
> I seriously doubt it was an accident. No qualified programmer would include a string of code like that unless it was meant to cause problems. Too many chances for things to go wrong.
> As for the admin account, the software author must have thought the program would have a better chance of messing up the system from there.

I think such a prompt is a "tease", as I doubt the files involved (owned by TrustedInstaller, and only TrustedInstaller has "write" on them) would just delete right away. The ownership of the files would have to be modified first. And if you're going to that much trouble, why not just delete them directly?

It's more likely that someone wants you to click something which elevates another command or something. There's got to be a trick.

Paul
#8
Paul wrote:
> It's more likely that someone wants you to click something which elevates another command or something. There's got to be a trick.

There was nothing to click. It was just that prompt. When I logged in as admin, the welcome screen was up for a pretty long time. Usually it takes just a second.

Since that strange event, all seems back to normal.

Thank you all for answering. I have to investigate. I hesitate to reinstall the system.