Re: Computers got Hacked?? Please Help!!!

From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 09/19/04


Date: Sun, 19 Sep 2004 10:11:54 -0400


"itsupport" <itsupport@discussions.microsoft.com> wrote in message
news:446A0EFF-1D5C-435B-905D-A73873CDA666@microsoft.com...
> I'm sorry if this is not the right forum to post this.
>
> 2 days ago, something strange has happened to our work computers. It
> happened to our windows 2003 server and several other users' pcs (win2K
and
> win XP). cmd.exe window will pop up but no scripts is shown. Then, IE will
be
> opened by itself and goes to websites like rotten.com showing gross pics,
> google and etc. Also, sometimes Solitaire, Calculator, My Documents will
be
> opened too. This happends randomly throughout the day.

This doesn't sound like most viruses. Could be an internal prank by someone
there, or a remote control Trojan. Make sure your network has a firewall,
and that your anti-virus has been updated in the past week.

AV can be disabled by attackers so that it looks like it is still working.
Try running a second opinion AV scan by going to
http://housecall.antivirus.com

Also, Windows root kit functionality can hide viruses from the locally
logged in user... try using a known virus free computer to scan other
computers across the network using a Windows netowrking share and regular
anti-virus. You could also use an anti-virus boot floppy disk from your
antivirus vendor or a free live boot rescue CD from BitDefender.

If these don't help, see here:

http://securityadmin.info/faq.asp#startup
http://securityadmin.info/faq.asp#hacked
http://securityadmin.info/faq.asp#harden



Relevant Pages

  • Windows XP DHCP does not work
    ... where DHCP does not work on Windows XP computers. ... This happends on ...
    (microsoft.public.windowsxp.network_web)
  • Help with 070-217
    ... The network contains 25,000 computers. ... single Windows 2000 domain named research.contoso.com. ... Server computers that are configured as domain controllers. ...
    (microsoft.public.cert.exam.mcse)
  • Re: Help with 070-217
    ... The network contains 25,000 computers. ... > single Windows 2000 domain named research.contoso.com. ... > Server computers that are configured as domain controllers. ...
    (microsoft.public.cert.exam.mcse)
  • RE: Help with 070-217
    ... The network contains 25,000 computers. ... > single Windows 2000 domain named research.contoso.com. ... > Server computers that are configured as domain controllers. ...
    (microsoft.public.cert.exam.mcse)
  • Re: upgrading frm XP Home to Pro
    ... Why do you think you need Windows XP Professional? ... won't and we need to upgrade all the computers to Pro. ... You bought a server to 'network your computers' and so you can ... software) would give you the same abilities as 'Remote Desktop' ...
    (microsoft.public.windowsxp.general)