heres the story. my acount privleges were threatened one day. expecting the worst, i prepared to give my self some degree of control. so i looked up instutions for an unprotected cmd that would appear as a screen saver from the system login screen, then i could hack the admin account if things got worse. but the threat passed so i deleted it. next day i look in system32 and see another copy of it! i delete that and 5 seconds later a new one pops up! i believe it backed up the screensave because its in the choose screensaver list and also backed up command prompt. plez help me get rid of it for good! :(
here the basic idea of the script (might have been different):
copy logon.scr temphack\logon.scr
copy cmd.exe temphack\cmd.exe
rename cmd.exe logon.scr
the oringinal cmd.exe is still there and working.
i found temphack folder and deleted it. it didn't come back.
logon.scr has the icon of cmd.exe
logon.scr acts like screensaver with the same right-click menu options as one.
after changing the name to logons, a new one appered called logon.
after deleting logons a new logons did not appear.
plez help me!