> -----Original Message-----
> From: Steven L. Brendtro [mailto:sbrendtro@home.com]
>
> Now how about this one... there are several log entries that
> start with:
> "GET /scripts/..%c1%9c../winnt/system32/cmd.exe... - 404"
> followed by several hundred lines of binary looking garbage:
> ";øv?FÈ
> I read somewhere that the cmd.exe is part of Code Red's
> attack. Does anyone
> know what exactly is all the binary garbage I am getting in
> my log files?

That doesn't look familiar to what I have been reading. It looks more like someone trying to exploit infected machines. Probably some "script kiddie" who didn't do his/her homework. Or it could be Code Red III, the newer more improved version? Code Red makes Trojan copies of the cmd.exe and makes them "world readable/executable" with "administrator" rights.

> -----Original Message-----
> From: Charles Steinkuehler [mailto:charles@steinkuehler.net]
>
>shutdown /L /Y /C
>
>Apparently, however, this undocumented command has been changed (removed)
>for 2K. Anyone know how to do something similar in 2K?

How about "cmd.exe format /X c:"

/X forces a dismount and closes all file handles before formatting (if necessary)

[CERT recommends a format and reinstall for infected systems anyway] ;')>

Brian