RE: Windows 2000 login hack
From: Marc Fossi (mfossi@securityfocus.com)
Date: 03/15/02
- Previous message: Varga Daniel (QI/RZS4) *: "limited remote access to a W2K Server"
- In reply to: Dill, Stephen: "RE: Windows 2000 login hack"
- Next in thread: Slow2Show: "Re: Windows 2000 login hack"
Date: Fri, 15 Mar 2002 09:18:05 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: "Dill, Stephen" <SDill@MassMutual.com>
In addition to doing the reformat/reinstall, I would also highly recommend
changing the passwords of any user account that attempted to log on to
this system at the very least. If possible, reset _all_ the passwords on
the network (I realize that this can be difficult on larger networks).
If there was a back door of some sort on the system, it's very difficult
to know just how much access somebody could have had.
Cheers,
Marc Fossi, MCSE
SecurityFocus
www.securityfocus.com
On Thu, 14 Mar 2002, Dill, Stephen wrote:
> I can't think of a way to repair the problem other than a reinstall of
> Windows. If this was a warez version of some software, whoever 'warezed' it
> might have snuck in a back door of some sort. My suggestion would be to
> reformat and reinstall or reimage the machine.
>
> -----Original Message-----
> From: Jeremy [mailto:prrthd@myrealbox.com]
> Sent: Thursday, March 14, 2002 13:18
> To: focus-ms@securityfocus.com
> Subject: Windows 2000 login hack
>
>
> Hello all,
>
> One of my users recently downloaded some warez off the internet and
> proceeded to install it on his Windows 2000 Pro box. Well, surprise surprise
> it screwed up his PC. Now when any user tries to login to the PC they can
> get to the login screen and type their username and password but when he
> hits enter it pauses for a couple seconds then sends him back to the "Press
> ctrl-alt-delete to Login" screen. I can get into the PC in safe mode and I
> have removed the program he installed, I have also looked in the startup
> folder for all the local users with no luck. I went ahead and searched the
> registry for logoff/logout and looked in the run, runonce and startup areas
> in the registry but everything looks fine. Has anyone ever heard of
> something like this before, any ideas as to where I can look next to try and
> fix this?
>
> Thanks for your help
>
> Jeremy
>
>
>