Outside party using remote access to gain network control

From: Rob (rstivers_at_hcis.net)
Date: 04/26/03


Date: Sat, 26 Apr 2003 01:13:24 -0700


We are on a Windows 2000 server and everyone but me has
98 on their machine. I have a new laptop with XP Home.
Over the past few weeks I had noticed files and
directories changing on my hard drive and new shortcuts
appearing in odd directories. When I view Nethood in my
Documents folder I can access the network from there
without logging in. This is new. We noticed a major
slowdown in our software calculations and print
routines. When I looked at the temp print files, they
were building in size and not deleting after print. I
took my laptop offline and viewed tons of suspicious
files referencing the wireless feature of XP with code
which appears to be able to FTP our print files to a
URL. I have been able to delete and rename the files as
we go. We initially were all open to the internet
through our desktop DSL. We have now installed a
router/firewall (I tried ZoneAlarm Pro on my machine and
it did not stop the problem). I have added a new Compaq
desktop with XP Home and already am having the same
problems.

I noticed the operating system was changing from "Windows
XP/Fast Detect" to "Windows Media Center/Fast Detect".
Along with this we are now having problems accessing the
proper level of authorities on both our server and our
desktops. Print configs are dropping like flies. My
partner and I have at times lost our admin rights, while
sometimes a desktop in a staff member's office shows up
as 'admin'. My laptop is pretty much toast now, but
rather than start from scratch I would like to find the
best way to not only stop the intrusion but to find out
who they are, so I am still viewing files and saving
snapshots. The problem is most of the bogus files are dated
2/20/03, which was the last day of a disgruntled employee,
but it still seems they are accessing our system. I
downloaded an update yesterday which seemed to help, but
I came in today and the same problems are starting over,
with evidence on all the other machines in the office as
well. Most will not allow ScanDisk, and even getting into
safe mode takes several tries.

I have viewed tons of files and made screen prints which
back up the bogus changes and background jobs, but I need
advice on stopping this at both the server and the
workstations.

Thanks,
Rob
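The post asks how to keep evidence while stopping the intrusion. The script below is an added triage example for the workstation side and is not code from the poster or from the list; it uses modern PowerShell (5.1 or later, run elevated), which the Windows 98/2000/XP machines in the post predate, so it illustrates the checks rather than something that could have run in 2003. It snapshots the things the post describes (files touched on or after the 2/20/03 date, shortcuts resolved to what they actually launch, autorun entries, local Administrators membership, and established outbound connections with port 21 flagged) into dated CSV files that can be diffed between runs. The cutoff date comes from the post; every path, output name and the choice of registry keys is an assumption. One caveat a responder would add: file timestamps are trivially set by whoever writes the file, so the 2/20/03 date is a lead, not proof of who is responsible.

```powershell
# Added triage example, not code from the original post. Assumes Windows PowerShell 5.1 or later
# on the workstation under examination, run from an elevated prompt. The cutoff date is taken
# from the post; all paths, output names and registry keys below are assumptions.
param(
    [datetime]$Cutoff = (Get-Date '2003-02-20'),
    [string[]]$Roots  = @($env:SystemRoot, $env:USERPROFILE),
    [string]$OutDir   = (Join-Path $env:TEMP 'triage')
)

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

function Out-Snapshot($Name, $Data) {
    # Dated CSVs can be diffed between runs to show what keeps coming back after a cleanup.
    $Data | Export-Csv -NoTypeInformation -Path (Join-Path $OutDir "$Name-$stamp.csv")
}

# 1. Files created or written at/after the cutoff, hashed so a later run can prove tampering.
#    Timestamps are easy to forge; treat the date as a lead, not as proof of who did it.
$recent = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Cutoff -or $_.CreationTime -ge $Cutoff }
}
Out-Snapshot 'files' ($recent | ForEach-Object {
    $hash = try { (Get-FileHash -Algorithm SHA256 -Path $_.FullName -ErrorAction Stop).Hash }
            catch { 'UNREADABLE' }
    [pscustomobject]@{ Path = $_.FullName; Created = $_.CreationTime
                       Modified = $_.LastWriteTime; Size = $_.Length; SHA256 = $hash }
})

# 2. Shortcuts (.lnk) appearing in odd places: resolve what each one actually launches.
$shell = New-Object -ComObject WScript.Shell
Out-Snapshot 'shortcuts' ($recent | Where-Object Extension -eq '.lnk' | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    [pscustomobject]@{ Link = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
})

# 3. Persistence points an intruder uses to survive the reboots and "updates" the post describes.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
Out-Snapshot 'autoruns' ($runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
})
Out-Snapshot 'services' (Get-CimInstance Win32_Service |
    Select-Object Name, State, StartMode, StartName, PathName)
Out-Snapshot 'tasks' (Get-ScheduledTask | Where-Object State -ne 'Disabled' | ForEach-Object {
    [pscustomobject]@{ Task = $_.TaskName; Path = $_.TaskPath
                       Action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' }
})

# 4. Who is a local administrator right now: the post reports admin rights moving between machines.
Out-Snapshot 'admins' (Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource)

# 5. Live outbound connections with the owning process. Port 21 is FTP control, the channel the
#    post suspects; any other session to an unknown external host deserves the same scrutiny.
Out-Snapshot 'connections' (Get-NetTCPConnection -State Established | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{ Local   = "$($_.LocalAddress):$($_.LocalPort)"
                       Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                       FTP     = ($_.RemotePort -eq 21); PID = $_.OwningProcess
                       Process = $proc.ProcessName; Image = $proc.Path }
})

Write-Host "Snapshots written to $OutDir"
```

Run it once before touching anything, copy the output directory off the machine, then run it again after each cleanup step; entries that reappear in the autoruns, tasks or connections snapshots point at the persistence mechanism. Because the machine is suspected of being under remote control, the snapshots are evidence to preserve, not a substitute for rebuilding it from known-good media and resetting every account that was an administrator on it.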
