Ooh, I didn't mean get a consultant straight away :) First thing you can do is update and virus scan, then turn on file auditing to find out when these files are being made. I'd also have a look through task manager at all the processes verifying each one thats running is something legitimate.. Andrew On 25/10/05, Mauricio Fernandez <mfernandez@xxxxxxxxxxxxxxx> wrote: > > Thanks for your answer. > > Unfortunately, there are no security auditors in this country. Where can > I start? Do you know some tool to do this? > > *Mauricio Fernández S.* > > IT Manager > > Tel. 591- 445-25160 > > Fax. 591- 441-15056 > > mfernandez@xxxxxxxxxxxxxxx > > www.fdta-valles.org <http://www.fdta-valles.org> > > Cochabamba - Bolivia > > -----Original Message----- > *From:* windows2000-bounce@xxxxxxxxxxxxx [mailto: > windows2000-bounce@xxxxxxxxxxxxx] *On Behalf Of *Dogers > *Sent:* Tuesday, October 25, 2005 4:05 AM > *To:* windows2000@xxxxxxxxxxxxx > *Subject:* [windows2000] Re: weird files on AD Server > > Don't know what they are, but I'd be concerned - especially as they're > owned by different users! > > I'd say it was time for a system audit :) > > Andrew > > On 24/10/05, *Mauricio Fernandez* <mfernandez@xxxxxxxxxxxxxxx> wrote: > > I found periodically a hundred of text files on C:\ in the AD Server box. > Those files are named with rbpxxxxx.txt, where xxxxx is a number. The > contents of the files are not text, just non-understandable characters. Each > file is owned by a different user… Does anyone knows what is it? > > Thanks > > *Mauricio Fernández S.* > > IT Manager > > Tel. 591- 445-25160 > > Fax. 591- 441-15056 > > mfernandez@xxxxxxxxxxxxxxx > > www.fdta-valles.org <http://www.fdta-valles.org> > > Cochabamba - Bolivia > >