Time Wed Feb 16 21:58:00 GMT+0800 2005
An inappropriate behaviour of Microsoft AntiSpyware purged my System32 folder of Windows Server 2003
I use G:\temp as my temporary folder, in other words, the TMP and TEMP environment variables are set to "G:\temp". For convenience, I wrote a batch(.bat) file to clear G:\temp recursively. It always worked well and efficiently till yesterday when disaster stroke.
I double-clicked the bat file then Microsoft AntiSpyware popped up a balloon window asking whether to allow the execution. I clicked allow with no further consideration but the command window finally made me sick — everything in System32 was being deleted!
It was my worst nightmare!
Further exploration concluded that Microsoft AntiSpyware is to blame. Whenever a bat execution is allowed, its context is somehow changed — the "current directory" will be set to %SYSTEMROOT%\SYSTEM32.
Hard to believe? Create a text file, write simply
and save if as a bat.
Double-click the bat and choose allow when Microsoft AntiSpyware prompts.
See? Files in your System32 are listed!
And what I wrote in my evil bat is much more destructive.
del *.* /s /q
rd /s /q temp
Be careful! A bodyguard comes as a murderer sometimes!