RE: Windows 2000 login hack

From: Evans, TJ (tjevans@kpmg.com)
Date: 03/15/02


From: "Evans, TJ" <tjevans@kpmg.com>
To: "Dill, Stephen" <SDill@MassMutual.com>, "'Jeremy'" <prrthd@myrealbox.com>, focus-ms@securityfocus.com
Date: Fri, 15 Mar 2002 11:53:57 -0500

The safest course would be the tactical nuke <i.e. - reload from scratch>,
however reality often steps in and prevents that from being a viable option.

Strictly speaking in terms of getting the box up and running - have you
tried booting off of the Win2k CD and doing a repair?

Thanks!
TJ

-----Original Message-----
From: Dill, Stephen [mailto:SDill@MassMutual.com]
Sent: Thursday, March 14, 2002 4:02 PM
To: 'Jeremy'; focus-ms@securityfocus.com
Subject: RE: Windows 2000 login hack

I can't think of a way to repair the problem other than a reinstall of
Windows. If this was a warez version of some software, whoever 'warezed' it
might have snuck in a back door of some sort. My suggestion would be to
reformat and reinstall or reimage the machine.

-----Original Message-----
From: Jeremy [mailto:prrthd@myrealbox.com]
Sent: Thursday, March 14, 2002 13:18
To: focus-ms@securityfocus.com
Subject: Windows 2000 login hack

Hello all,

  One of my users recently downloaded some warez off the internet and
proceeded to install it on his Windows 2000 Pro box. Well, surprise surprise
it screwed up his PC. Now when any user tries to login to the PC they can
get to the login screen and type their username and password but when he
hits enter it pauses for a couple seconds then sends him back to the "Press
ctrl-alt-delete to Login" screen. I can get into the PC in safe mode and I
have removed the program he installed, I have also looked in the startup
folder for all the local users with no luck. I went ahead and searched the
registry for logoff/logout and looked in the run, runonce and startup areas
in the registry but everything looks fine. Has anyone ever heard of
something like this before, any ideas as to where I can look next to try and
fix this?

Thanks for your help

Jeremy
