Re: Someone hacking a computer on our network!!

From: Peter Kaufman (pmkdatabase_at_yahoo_dot_ca)
Date: 07/29/04


Date: Thu, 29 Jul 2004 18:28:34 +0700

This is more of a question to the experts that responded but you might
want to try it in any case ... I wonder if a tool like Active Ports
might be handy to get more info on what is going on - it should show
all traffic in and out including any initiated by a trojan.

Peter

On Wed, 28 Jul 2004 17:52:13 GMT, greenbay <greenbay@telia.com> wrote:

>It has happened three days, first two months ago, second was yesterday
>and third day was today.
>
>It's a Windows 2000 Pro, sitting behind a firewall. The hacking
>symptoms are like pcAnywhere and VNC, you can see everything they do.
>First time they wrote something in the Start-Run, yesterday they tried
>to change the password on the computer.
>
>I have scanned the computer with McAfee VirusScan, Spybot, Ad-Aware,
>AATools, and spyremover (don't remember the name) is installed on the
>computer.
>I have checked the registry for programs that start up, checked
>installed programs (Add/Remove Programs), going through the services,
>checked processes running under Task Manager. Looked for strange
>connections from the computer, with netstat. And haven't found
>anything. I haven't checked these things when the computer was remote
>controlled, but right after, without switching off the computer.
>
>I can guess the computer makes a connection out from the network to
>the hacker's computer or something. I have checked the firewall for VPN
>connections and there is nothing unusual with them.
>
>Anyone have ANY suggestions, I will try them all :)
>
>Thx
>
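
Added example, not part of the original thread: the quoted post says netstat was only run after the remote-control session had ended, so this sketch compares a baseline `netstat -an` snapshot with one taken while the session is active and flags only the sockets that are new. The sample output, the internal address ranges and the function names are constructed for illustration; the port numbers are the defaults of the two tools the poster names.

```python
import ipaddress

# Default ports of the remote-control tools named in the thread.
REMOTE_CONTROL_PORTS = {5631: "pcAnywhere", 5800: "VNC (HTTP)", 5900: "VNC"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed `netstat -an` samples (IPv4 only), not captured from a real host.
BASELINE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.5:445        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""
DURING = BASELINE + """\
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1210      203.0.113.45:8080      ESTABLISHED
  TCP    192.168.1.20:1211      192.168.1.5:139        ESTABLISHED
"""

def parse(text):
    """Return a set of (proto, local_port, remote_ip, remote_port, state)."""
    rows = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        lport = int(f[1].rsplit(":", 1)[1])
        rip, rport = f[2].rsplit(":", 1)
        rport = int(rport) if rport.isdigit() else 0  # UDP shows "*:*"
        rows.add((f[0], lport, rip, rport, f[3] if len(f) > 3 else ""))
    return rows

def is_external(ip):  # concrete address outside the INTERNAL ranges?
    if ip in ("*", "0.0.0.0"):
        return False
    return not any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def suspicious(baseline, during):
    """Flag sockets present only in the snapshot taken during the incident."""
    findings = []
    for proto, lport, rip, rport, state in sorted(parse(during) - parse(baseline)):
        reasons = ["remote-control port %d (%s)" % (p, REMOTE_CONTROL_PORTS[p])
                   for p in (lport, rport) if p in REMOTE_CONTROL_PORTS]
        if state == "ESTABLISHED" and is_external(rip):
            reasons.append("established session to external host " + rip)
        if reasons:
            findings.append((proto, lport, rip, state, reasons))
    return findings
```

Calling `suspicious(BASELINE, DURING)` on the constructed samples reports the new listener on 5900 and the outbound session to 203.0.113.45, and ignores the new connection to the internal file server.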


