rem@cs.bu.edu (Robert E. Mee) (11/17/90)
I recently noticed what seems to be a trojan on my PC. I notice two files in my root directories (c and d); they have eight character filenames (ex: 111E340A and 111E340F). They are only displayed when I type "dir | more" in my root directory. The file names change (as well as the creation date) every time I iterate the command. The files are 0 length. They do not exist when I try to delete them. I am guessing that they take on their new names after the directory listing is taken.

I have tried stripping out autoexec.bat and config.sys to eliminate the possibility that they are some sort of work file created by some memory resident program but they persist. I have also tried doing a floppy boot (write protected) and attempt to do the directory but no good.

I am not a regular reader of comp.virus but I intend to do so more regularly. If you know anything about this syndrome, please help. Post if it's easier but mail if this is something easy to eliminate or just some silly anomaly about DOS.

Thanks,
Rob

Robert Mee
...!harvard!bu-cs!rem
rem%bu-cs.csnet@csnet-relay.arpa
rem@bu-cs
woody@chinacat.Unicom.COM (Woody Baker @ Eagle Signal) (11/20/90)
rem@cs.bu.edu (Robert E. Mee) writes:
> I recently noticed what seems to be a trojan on my PC. I notice two
> files in my root directories (c and d) they have eight character
> filenames (ex: 111E340A and 111E340F). They are only displayed when I
> type "dir | more" in my root directory. The file names change (as well

DOS fakes redirection pipes by creating a temporary file on the disk, and writing to it. Newer versions of DOS have a function to make a temporary file. It is created from the time and date stamp, and is a hex number. When you do a dir | more, DOS creates a scratch file to put the output of dir into. More then takes that, and apparently uses a scratch file or perhaps DOS creates 2 scratch files. In any case, it is a standard feature of DOS, and not to worry.

Cheers
Woody
alarky@aragorn.csee.lehigh.edu (Dr. Arthur Larky-84068) (11/20/90)
rem@cs.bu.edu wants to know if the files which show up when he does dir | more are a virus?

No, they are evidence of the difference between Unix and MSDOS. The "|" is a "pipe" between two programs, passing the output of one into the input of the other. In Unix, the pipe is handled somewhere inside the system; in MSDOS, it is handled by re-directing the output into a temporary file and then re-directing the temporary file into the next program.

Unfortunately, MSDOS has a tendency to leave the temporary files lying around. This is especially true if you abort the more output with a ^C. When you own a dog, you have to be prepared to use a "pooper-scooper" occasionally!

Art Larky
alarky@scarecrow.csee.lehigh.edu
alarky@aragorn.csee.lehigh.edu
Disclaimers re:Lehigh University apply.
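
Added example, not part of any post in this thread: a Python simulation on the local filesystem (not DOS itself) of the temp-file pipe the replies describe, showing why the scratch files appear only in the piped listing, at 0 bytes, under a new name each run, and are gone afterwards. The hex naming scheme in `temp_name`, the use of two scratch files (taken from the two names in the original report) and the sample file are assumptions made for illustration.

```python
import os
import tempfile

def temp_name(clock, seq):
    # Constructed scheme (assumption): 8 hex digits taken from a clock value.
    return f"{(int(clock * 100) + seq) & 0xFFFFFFFF:08X}"

def dir_listing(directory):
    # Stand-in for DIR: one "NAME SIZE" line per directory entry.
    rows = []
    for name in sorted(os.listdir(directory)):
        size = os.path.getsize(os.path.join(directory, name))
        rows.append(f"{name:<12} {size:>8}")
    return "\n".join(rows) + "\n"

def dos_style_pipe(directory, producer, consumer, clock):
    # 1. The shell creates its scratch files before either program runs.
    scratch = [os.path.join(directory, temp_name(clock, i)) for i in range(2)]
    for path in scratch:
        open(path, "w").close()
    try:
        # 2. The producer runs to completion; its output lands in scratch[0].
        #    While it scans the directory, both scratch files exist at 0 bytes.
        output = producer(directory)
        with open(scratch[0], "w") as out:
            out.write(output)
        # 3. The consumer reads the scratch file as its standard input.
        with open(scratch[0]) as inp:
            return consumer(inp.read())
    finally:
        # 4. The shell deletes the scratch files, so they cannot be found later.
        for path in scratch:
            os.remove(path)

def demo(clock):
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTOEXEC.BAT"), "w") as f:
            f.write("@echo off")  # constructed sample file
        plain = dir_listing(root)                                      # "dir"
        piped = dos_style_pipe(root, dir_listing, lambda s: s, clock)  # "dir | more"
        leftover = sorted(os.listdir(root))
    return plain, piped, leftover

if __name__ == "__main__":
    for clock in (1000.0, 2000.0):  # constructed clock values
        plain, piped, leftover = demo(clock)
        print(f"dir:\n{plain}dir | more:\n{piped}after: {leftover}\n")
```
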