Re: Paranoia or something more sinister?
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 1 Jan 2006 01:22:14 -0600
Use lusrmgr.msc to check which users are in the local users on your computer,
or use the command net users; it may not be what you expect. Also make sure
that auditing of logon events is enabled in Local Security Policy so you can
see what users are logging onto the computer and via what logon type, as
explained in the link below, by reviewing the security log via Event Viewer.
I would also enable auditing of account management. A user account will not
survive a pristine install to a formatted system drive [assuming System
State restore was not done afterwards] but it will for an upgrade/repair
install. It almost sounds like someone has remote control of your computer,
and all that you describe sounds very strange and I would be concerned. You
should not rely on intrusion detections alone and should do full system
scans for malware and spyware in Safe Mode, also being sure that you are
using the latest updates for your programs. Keeping current with critical
security updates at Windows Updates is also a must.
http://www.windowsecurity.com/articles/Logon-Types.html
Try using the free tools from SysInternals - Process Explorer, TCPView, and
Autoruns to see what processes are starting up at startup/logon, to see
advanced information on what processes are running on your computer
including the associated executable and publisher, and what ports are being
used and by what process/executable. Also I would consider using a firewall
that is more advanced than the Windows Firewall in your case. Something like
Zone Alarm is free and fairly easy to use. Such a firewall will alert you
when an application on your computer that you have not approved tries to
access the internet, but you need to review the list of applications
periodically to make sure that nothing unusual has been added to the list by
someone or some process. If any other users have access to your computer
[friends, family, strangers, or foe] they could be installing or configuring
something that may be causing your problem. --- Steve
http://www.sysinternals.com/Utilities/TcpView.html --- TCPView and link to
SysInternals
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
--- Protect Your PC tips and other links.
"shreaker" <shreaker@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7E4E6B43-6C25-4D6F-BCC7-7250815DBEA6@xxxxxxxxxxxxxxxx
> Hi All
>
> I believe I may have a few internet security issues that I'd like to run
> by you guys -
>
> I have performed a number of professionally assisted operating system
> reinstalls, upgraded Norton Security to 05, I'm operating Service Pack 2
> and also use Microsoft AntiSpyware, Search & Destroy and a Windows
> Firewall.
>
> I also like to ensure I am closely observing generic security advice and
> practices and applying basic common sense (- eg: windows passwords are
> changed intermittently, regular and comprehensive security scans are
> executed on a regular basis, password protection for "sensitive" info
> within Outlook and Word is used and I aim to minimise any time spent
> logged on with Administrative rights).
>
> However, despite the above, I continue to experience issues that cause me
> some concern. These are as follows -
>
> * The Task Manager "Users" tab displays an old username that I used PRIOR
> to full system reinstalls
>
> * Sluggish navigational performance - (eg, desktop icons lagging while
> populating)
>
> * IE browser & Word forms changing size - and I don't believe at my doing
>
> * I don't seem to receive any notifications or Intrusion Detections
> regarding random security breach attempts from either Norton or Search &
> Destroy, as I have done in the past when I've been online for reasonably
> long periods of time and/or navigating around less reputable sites
>
> * When attempting to log off I often get the following prompt - "Other
> users are currently using this computer. Logging off may cause them to
> lose data, are you sure you want to log off?"
>
> (I do not and have not ever operated a LAN and I am aware of issues others
> have noted that are suspected to have been compromised remotely?)
>
> * The mouse often moves across the screen without me operating it - at
> first, I put this down to the nature of an aging infrared mouse - however,
> this is occurring more and more frequently
>
> * The clicking sound of a mouse pointer in action - when I am not touching
> any parts of the computer or running any operations that could cause this
> to take place
>
> From observation of any of the above - does anything stand out that would
> indicate to you that my PC security may still be at risk? If so, what
> should I do that I'm not already doing?
>
> I'm hoping it's all just a healthy dose of paranoia - please let me know
> if you suspect otherwise and what you would recommend?
>
> Any help here is much appreciated!
>
> Kind Regards
> Damien
>
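
The account and logon-type review described at the top of this message, as
an added example that is not part of the original post. It assumes a current
Windows release (Windows 10/11 or Server 2016+) with PowerShell 5.1, where a
successful logon is Security event 4624 and account creation is event 4720;
the variable names are illustrative.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumption: Windows 10/11 or Server 2016+, where a successful logon is event 4624
# and account creation is event 4720 in the Security log.

# 1. Local accounts (GUI: lusrmgr.msc, legacy CLI: net users).
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet |
    Format-Table -AutoSize

# 2. Enable auditing of logon events and account management.
#    Subcategory names below are the English ones.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable

# 3. Read the last 7 days of successful logons and decode the logon type.
$typeName = @{ 2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
               8 = 'NetworkCleartext'; 9 = 'NewCredentials'
               10 = 'RemoteInteractive'; 11 = 'CachedInteractive' }
$filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-7) }
$logons = foreach ($e in Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue) {
    $data = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time   = $e.TimeCreated
        User   = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
        Type   = $typeName[[int]$data.LogonType]
        Source = $data.IpAddress
    }
}

# Who logged on, and how: one row per account and logon type.
$logons | Group-Object User, Type | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Logons that arrived over the network or Remote Desktop, newest first.
$logons | Where-Object { $_.Type -in 'Network', 'RemoteInteractive' } |
    Sort-Object Time -Descending | Select-Object -First 20 | Format-Table -AutoSize

# 4. Accounts created in the same window (needs account management auditing).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720
                                 StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```

An account name in step 1 or a RemoteInteractive row in step 3 that the
owner does not recognise is the thing to follow up on.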