Microsoft AntiSpyware helps purge my System32

Time   Wed Feb 16 21:58:00 GMT+0800 2005

Location  Office


An inappropriate behaviour of Microsoft AntiSpyware purged my System32 folder of Windows Server 2003


I use G:\temp as my temporary folder, in other words, the TMP and TEMP environment variables are set to "G:\temp". For convenience, I wrote a batch(.bat) file to clear G:\temp recursively. It always worked well and efficiently till yesterday when disaster stroke.

I double-clicked the bat file then Microsoft AntiSpyware popped up a balloon window asking whether to allow the  execution. I clicked allow with no further consideration but the command window finally made me sick — everything in System32 was being deleted!

It was my worst nightmare!

Further exploration  concluded that Microsoft AntiSpyware is to blame. Whenever a bat execution is allowed, its context is somehow changed — the "current directory" will be set to %SYSTEMROOT%\SYSTEM32.

Hard to believe? Create a text file, write simply


and save if as a bat.

Double-click the bat and choose allow when Microsoft AntiSpyware prompts.

See? Files in your System32 are listed!

And what I wrote in my evil bat is much more destructive.

echo off
echo deleting…
cd temp
del *.* /s /q
cd ..
rd /s /q temp
echo done

Be careful! A bodyguard comes as a murderer sometimes!

This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s