RE: my pc hacked?

From: Hagen, Eric (ehagen_at_DenverNewspaperAgency.com)
Date: 09/18/03

  • Next message: Faisal Masood: "RE: Stop browsing the web through GP?" 
    To: hong li <hong_li_98@yahoo.com>, security-basics@securityfocus.com
Date: Wed, 17 Sep 2003 17:20:11 -0600

    WebCompServer is a part of Crystal Reports 8.

    In addition, your "local echo" of hyperterminal may be turned on, which
    would let you see the password or anything else you typed.

    Other than that, the PC moving slow is unlikely to be an indication that you
    were "hacked", especially if there are no unusual processes running or
    unusual ports open. Note, if NMAP turned up ZERO open ports, the scan
    probably did not run properly or you have a locked-down firewall (in which
    case, getting hacked is very unlikely).

    Eric Hagen

    -----Original Message-----
    From: hong li [mailto:hong_li_98@yahoo.com]
    Sent: Wednesday, September 17, 2003 8:06 AM
    To: security-basics@securityfocus.com
    Subject: my pc hacked?

    Hi, all

    I think my workstation was hacked. (windows 2000
    professional) When I connect to the router
    to do some configurations through hyperterminal and I
    can see the password on the screen, even with
    encrypted password. The pc was incredible slow. I
    tried netstat -na and did not see the suspicious
    connection. Show processes and only see one suspicious
    "webcompserver.exe"
    (did not google this yet). I tried to use nmap to
    scan ports and shows all posts are closed.

    Any idea or suggestions whether the pc was hacked?

    Thanks in advance,

    Hong

    __________________________________
    Do you Yahoo!?
    Yahoo! SiteBuilder - Free, easy-to-use web site design software
    http://sitebuilder.yahoo.com

    ---------------------------------------------------------------------------
    Captus Networks
    Are you prepared for the next Sobig & Blaster?
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Precisely Define and Implement Network Security
     - Automatically Control P2P, IM and Spam Traffic
    FIND OUT NOW - FREE Vulnerability Assessment Toolkit
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Captus Networks
    Are you prepared for the next Sobig & Blaster?
     - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
     - Precisely Define and Implement Network Security
     - Automatically Control P2P, IM and Spam Traffic
    FIND OUT NOW - FREE Vulnerability Assessment Toolkit
    http://www.captusnetworks.com/ads/42.htm
    ----------------------------------------------------------------------------

  • Next message: Faisal Masood: "RE: Stop browsing the web through GP?"

    Relevant Pages

    • my pc hacked?
      ... scan ports and shows all posts are closed. ... Do you Yahoo!? ... Captus Networks ... FIND OUT NOW - FREE Vulnerability Assessment Toolkit ...
      (Security-Basics)
    • RE: AW: SUS Help
      ... HFNetChk, like patching, updating the program itself, scanning multiple ... >Captus Networks ... >Are you prepared for the next Sobig & Blaster? ... >FIND OUT NOW - FREE Vulnerability Assessment Toolkit ...
      (Security-Basics)
    • RE: AW: SUS Help
      ... Both use hfnetchk, ... >Captus Networks ... >Are you prepared for the next Sobig & Blaster? ... >FIND OUT NOW - FREE Vulnerability Assessment Toolkit ...
      (Security-Basics)
    • AW: AW: SUS Help
      ... You can try HFNetCheckLT from Shavlik Technologies, ... >Captus Networks ... >Are you prepared for the next Sobig & Blaster? ... >FIND OUT NOW - FREE Vulnerability Assessment Toolkit ...
      (Security-Basics)
    • RE: FTP server options
      ... I am looking for some FTP server options running under ... Captus Networks ... - Automatically Control P2P, IM and Spam Traffic ... FIND OUT NOW - FREE Vulnerability Assessment Toolkit ...
      (Security-Basics)