From: Brad Campbell
Date: Mon, 21 Jun 2004 17:57:22 +0400
Subject: Re: [Qemu-devel] Win2k-SP3
To: qemu-devel@nongnu.org
Reply-To: qemu-devel@nongnu.org
Message-ID: <40D6E942.90500@wasp.net.au>
In-Reply-To: <20040621130525.68575.qmail@web60209.mail.yahoo.com>

Piotr Krysik wrote:
> Hi,
>
> You can use
> # od -t x1z edbXXXXX.log | less
> It seems to be transactions log of Jet database [1]. The log, I guess,
> is related to database C:\WINNT\Security\Database\secedit.sdb. The
> database stores Local Security Policy [2].
>
> I noticed that contents of all the files (except edb.log, edb00001.log
> and res1.log), is identical if first 32 bytes (header?) are ignored.
>

Hey, thanks for that. I'll get into the other files and then I can make wild speculative guesses about what could possibly be causing the problem.

I have not "done windows" since 1996 so I'm a bit behind what it does and does not do, besides knowing that it does cause havoc and mayhem when infected with blaster or its kin.

Regards,
Brad
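The comparison described in the quoted message (log files that are identical once the first 32 bytes are ignored) can be repeated over a directory of logs with a short script. This is an added example, not part of the original thread; the function names and sample files are constructed for illustration, and the 32-byte header length is taken from the message as an assumption, not from a format specification.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

HEADER_LEN = 32  # assumption from the thread: only the first 32 bytes differ


def group_by_body(paths, header_len=HEADER_LEN):
    """Group files by SHA-256 of everything after the first header_len bytes.

    Returns {digest: [(basename, header_hex), ...]}. Files shorter than the
    header are collected under the key "<short>" instead of being hashed.
    """
    groups = defaultdict(list)
    for path in sorted(paths):
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            header = f.read(header_len)
            if len(header) < header_len:
                groups["<short>"].append((os.path.basename(path), header.hex()))
                continue
            # Stream the remainder so large logs are not loaded into memory.
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        groups[digest.hexdigest()].append((os.path.basename(path), header.hex()))
    return dict(groups)


def demo():
    """Run the grouping over constructed sample files; return grouped names."""
    body = b"constructed log body " * 8
    samples = {
        "sample_a.log": b"\x01" * 32 + body,       # same body, header A
        "sample_b.log": b"\x02" * 32 + body,       # same body, header B
        "sample_c.log": b"\x01" * 32 + b"other",   # different body
        "sample_short.log": b"\x00" * 10,          # truncated file
    }
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, data in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            paths.append(p)
        groups = group_by_body(paths)
    return sorted(sorted(n for n, _ in members) for members in groups.values())


if __name__ == "__main__":
    for names in demo():
        print(names)
```

Files that land in the same group differ only in their header bytes, which are returned alongside each name so they can be compared directly.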