Re: Win2k machine hacked with Serv-U FTP etc
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 29 May 2006 10:58:20 -0700
"JM" <jm@xxxxxxxxx> wrote in message
news:kuEeg.33351$YI5.19631@xxxxxxxxxxxxxxxxxxxxxxxxx
My father's Win2k machine has been hacked. Saturday he called me in a
panic, and when I got to his house I could see why. There were windows
opened all over his desktop (I will upload screenshots to my web server if
it will help), a command window starting the Serv-U FTP service and
checking
ipconfig settings, a web browser opened to his router with a service
started
on port 333, a shortcut to an app, and the 2000 services and computer
mngment window.
I'm not familiar enough with 2000 to know how to investigate exactly what
happened. What I'm more interested in is where to go from here. My gut
tells me to immediately backup all his important files, reformat,
reinstall,
and set him up with improved security measures. I also think a call to
his
cc companies are in order, as well as changing all passwords to all
accounts, websites, etc.
I would recommend that you go with your gut as outlined.
Whether he did anything after infestation that might have exposed
such as cc numbers or whether they were stored anywhere you do
need to assess - but keep in mind infestation may have been long
ago with the symptoms now seen only result of calling home with
what had been gathered.
I am sure you already have, but disconnect wires to the world, and
scan the backed-up data every way short of useless overkill.
What were the hacker's main purpose?
Please advise me in other ways. I'm not interested in finding fault with
how he had things set up, other than to learn from his mistakes. While
he's
not a computer expert, he's not a newbie either.
thank you,
wjm
.
- References:
- Prev by Date: Re: Win2k machine hacked with Serv-U FTP etc
- Next by Date: Re: 802.1x support
- Previous by thread: Re: Win2k machine hacked with Serv-U FTP etc
- Next by thread: Re: 802.1x support
- Index(es):
Relevant Pages
|
