Re: HELP, Hacked with machine account

• Previous message: Mark: "FASH.EXE and Malware"
• In reply to: HACKED OFF: "HELP, Hacked with machine account"
• Next in thread: HACKED OFF: "Re: HELP, Hacked with machine account"
• Reply: HACKED OFF: "Re: HELP, Hacked with machine account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 29 Jul 2004 22:19:57 GMT

First run a virus scan and trojan scan [SwatIt is a free download] program with
current definitions to see if they can find anything malicious being sure to use
latest definition files from what ever product you use. You can't disable
NTAuthority.

http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
 -- try here also.

There are free tools from SysInternals if you want to explore what has happened
including Autoruns, TCPView, and Process Explorer. Autoruns will list startup
programs from many possible places on your computer and TCPView will show what
application/process is listening on a port while Process Explorer will give more
detailed information on the process. Booting into safe mode may be worth a try to
bypass problem to make repairs.

A big concern would be how did this happen and how can you prevent this from
happening again. A properly configured firewall, up to date virus protection that
also scans all email, keeping current on critical updates, and using a good password
are places to start. You can look in Local Group Policy via gpedit.msc to see if any
startup or logon scripts are configured there. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;322241 --- Group
Policyscripts.

"Blueman (HACKED OFF)" <Blueman (HACKED OFF)@discussions.microsoft.com> wrote in
message news:5D87D54D-F8E4-4C59-84A0-92890263446A@microsoft.com...
> I was hacked by a person usering a machine$ account and nt authority. How can I
view the system accounts and how can I disable the NT Authority. Looks like hacker
has a script running to change all my settings after I logon. How can I tell what is
being loaded and in what order
>
> Thank for you all your help

• Previous message: Mark: "FASH.EXE and Malware"
• In reply to: HACKED OFF: "HELP, Hacked with machine account"
• Next in thread: HACKED OFF: "Re: HELP, Hacked with machine account"
• Reply: HACKED OFF: "Re: HELP, Hacked with machine account"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: CPU usage at 100% ... Consider a System Restore. ... Run Process Explorer (free download from sysinternals.com). ... "Context Switches" (more accurate than "CPU" for fast machines!). ... (microsoft.public.windowsxp.general) Re: PC Slow and runs at 100% cpu ... For further information about Process Explorer see he ... DarrylJS wrote:- ... I have a similar problem CPU usage at 80%+ disk continually being ... above, run full virus and spyware checks, latest MS Malicious ... (microsoft.public.windowsxp.perform_maintain) Re: Expert needed, TCP DUMP INSIDE, HELP!!!!! ... Kind of had a hunch i had a virus when before connecting ot ameritrade ... (kind of obvious whats going on in the script) ... Oh and Thank you for telling be about process explorer and active ... (comp.security.firewalls) Re: Event 12294 SAM error ... I'll give Process Explorer a try. ... The reason I'm also rather sure it isn't a virus is the virus they post on ... "Adrian Grigorof" wrote: ... coming from the webserver and not a specific workstation. ... (microsoft.public.windows.server.active_directory) Re: PC Slow and runs at 100% cpu ... For further information about Process Explorer see here: ... To trace the particular Service involved you need to turn off each service in turn and then restore it noting what effect it has on CPU usage. ... DarrylJS wrote: ... above, run full virus and spyware checks, latest MS Malicious ... (microsoft.public.windowsxp.perform_maintain)