Re: HELP, Hacked with machine account
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 07/30/04
- Previous message: Mark: "FASH.EXE and Malware"
- In reply to: HACKED OFF: "HELP, Hacked with machine account"
- Next in thread: HACKED OFF: "Re: HELP, Hacked with machine account"
- Reply: HACKED OFF: "Re: HELP, Hacked with machine account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Jul 2004 22:19:57 GMT
First run a virus scan and trojan scan [SwatIt is a free download] program with
current definitions to see if they can find anything malicious being sure to use
latest definition files from what ever product you use. You can't disable
NTAuthority.
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
-- try here also.
There are free tools from SysInternals if you want to explore what has happened
including Autoruns, TCPView, and Process Explorer. Autoruns will list startup
programs from many possible places on your computer and TCPView will show what
application/process is listening on a port while Process Explorer will give more
detailed information on the process. Booting into safe mode may be worth a try to
bypass problem to make repairs.
A big concern would be how did this happen and how can you prevent this from
happening again. A properly configured firewall, up to date virus protection that
also scans all email, keeping current on critical updates, and using a good password
are places to start. You can look in Local Group Policy via gpedit.msc to see if any
startup or logon scripts are configured there. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;322241 --- Group
Policyscripts.
"Blueman (HACKED OFF)" <Blueman (HACKED OFF)@discussions.microsoft.com> wrote in
message news:5D87D54D-F8E4-4C59-84A0-92890263446A@microsoft.com...
> I was hacked by a person usering a machine$ account and nt authority. How can I
view the system accounts and how can I disable the NT Authority. Looks like hacker
has a script running to change all my settings after I logon. How can I tell what is
being loaded and in what order
>
> Thank for you all your help
- Previous message: Mark: "FASH.EXE and Malware"
- In reply to: HACKED OFF: "HELP, Hacked with machine account"
- Next in thread: HACKED OFF: "Re: HELP, Hacked with machine account"
- Reply: HACKED OFF: "Re: HELP, Hacked with machine account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
