A friend told me that his sister's computer got really messed up after she opened an email containing a bunch of cute pictures. His sister's computer has Windows ME on it, and she is using Pegasus Mail and Firefox. Based on emails I have exchanged with her in the past, I doubt that her OS or software were updated regularly. I even contacted her about six months ago to warn her about a vulnerability that was found in Pegasus Mail, but she didn't seem too concerned and indicated that she wasn't sure whether she would bother to upgrade to the latest version.

Anyway, my friend claims that the malware renamed the System32 folder to System3r and then created a new System32 folder and was populating it with various legitimate-looking drivers. Of course, my friend is guessing about what happened. But if he's right, then the files in the new System32 folder have most likely been "trojanized" in some way.

Here's what I am wondering: Are there any legitimate processes or mechanisms within Windows ME that could be responsible for the System32 folder being renamed to "System3r"? Although my friend's speculation about what happened may be correct, I'd prefer not to jump to any conclusions.

Phil

Quick Google search shows nothing, so there is very low probability that it is something known.

I have one idea - the binary reprsentation of these characters are very similar:

2 = 32 in hex = 0011 0010 in binary.
r = 72 in hex = 0111 0010 in binary

So just one bit difference.

I'd guess on some hardware problem, either with disk (or cable) or with memory.

Petr

You're not the only one to notice that

Definitely a bit flipped on the disk, right in the middle of the directory entry filename... I'd say do a backup and perform read/write testing on the drive.

What an interesting coincidence indeed.