Re: Hacked and remote controlled computer
From: Lanwench [MVP - Exchange] (lanwench_at_heybuddy.donotsendme.unsolicitedmail.atyahoo.com)
Date: 10/11/04
- Next message: Lanwench [MVP - Exchange]: "Re: Telnet?"
- Previous message: val t: "firewall help"
- In reply to: Micke__1: "Hacked and remote controlled computer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Oct 2004 10:32:00 -0400
Micke__1 wrote:
> We used to have a Win 2k sp4 fully patched IBM laptop. Several time
> when the user were connected to our lan, the computer were remote
> controlled. Someone delete mail, choose Start-Run and wrote a message
> to the user. A bit scary. I scanned it with, antivirus software,
> adaware software, check entries in the registry. Checked processes in
> taskmanager, look for strange connections with netstat... but found
> nothing. I format and installed Win XP SP2, and it seems to have
> started again. I can tell for sure that no one from inside our
> network doing it. And even if that was the case it has to exist some
> remote control aplication, which I couldn't found. A thought would be
> that there is some kind of a root kit, but I dont know have to found
> them. I tried to boot in safe mode but there were no strange service
> that was running...
When this first happened, was the laptop protected by a perimeter firewall
on your LAN that blocks all potentially dangerous ports? Was this computer
ever used on unprotected networks? Kept patched with all critical updates,
and running good current generation antivirus software?
- Next message: Lanwench [MVP - Exchange]: "Re: Telnet?"
- Previous message: val t: "firewall help"
- In reply to: Micke__1: "Hacked and remote controlled computer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
