Re: Help, I've been hacked

From: Wesley Vogel (123WVogel955_at_comcast.net)
Date: 03/07/05


Date: Mon, 7 Mar 2005 07:39:25 -0700

Kim,

Event ID & the Event Source are very important.

To open the Event Viewer...
Start | Run | Type: eventvwr | OK

For any Events that seem related to the problem...

Double click the event in Event Viewer | Click: the button below the second
arrow (looks like two pages) [[Copies the details of the event to the
Clipboard.]] | Paste into Notepad | Click:
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Read all info | Copy and paste to Notepad | Click the [+] Related Knowledge
Base articles | Follow any links that might be useful

HOW TO: View and Manage Event Logs in Event Viewer in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308427

Event Viewer overview
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/event_overview_01.mspx

This can also be very useful.
You need to have the Event ID & the Event Source.

To view Windows XP Events and Errors, type the Source (for example, Print)
and/or the Event code (for example, 20) into the ID field, then click the Go
button. Source and Event codes may be found in the Event Viewer logs.

Windows XP Home/Professional Events and Errors
http://www.microsoft.com/technet/support/ee/search.aspx?DisplayName=Windows%20XP%20Professional&ProdName=Windows%20Operating%20System&MajorMinor=5.1&LCID=1033

-- 
Hope this helps.  Let us know.
Wes
MS-MVP Windows Shell/User
In news:36B7EF3A-84CB-43FF-AE71-0809F24ED301@microsoft.com,
TxRose <TxRose@discussions.microsoft.com> hunted and pecked:
> Hi Wes,
>   Yes, it appears that did help.
> It shows disabled, instead of being started.
> I also see no entries listed of a remote access in the event viewer.
> Whoo hoo..LOL
>
> This entry in the event viewer looks good:
> The Remote Access Connection Manager service was successfully sent a
> stop control.
> Thank you for helping me get that turned off.
>
> However, when I just rebooted, I did see these, which do not look
> good in my opinion, but I could be wrong:
>
>  The first one has been going on for a long time, and is still
> showing.
>
> Logon Failure:
>   Reason:  Unknown user name or bad password
>   User Name: Owner
>   Domain:  OWNER-1E81AA74C
>   Logon Type: 2
>   Logon Process: Advapi
>   Authentication Package: Negotiate
>   Workstation Name: OWNER-1E81AA74C
>
> The protected system file c:\windows\system32\racpldlg.dll could not
> be verified as valid because Windows File Protection is terminating.
> Use the SFC utility to verify the integrity of the file at a later
> time.
>
> The TCP/IP NetBIOS Helper service depends on the AFD service which
> failed to start because of the following error:
> A device attached to the system is not functioning.
>
> Your computer was not able to renew its address from the network
> (from the DHCP Server) for the Network Card with network address
> 0011099706B4.  The following error occurred:
> The semaphore timeout period has expired. . Your computer will
> continue to try and obtain an address on its own from the network
> address (DHCP) server.
>
> Your computer has detected that the IP address 66.25.204.98 for the
> Network Card with network address 0011099706B4 is already in use on
> the network. Your computer will automatically attempt to obtain a
> different address.
>
> Your computer has detected that the IP address 0.0.0.0 for the
> Network Card with network address 0011099706B4 is already in use on
> the network. Your computer will automatically attempt to obtain a
> different address.
>
> Your computer was not able to renew its address from the network
> (from the DHCP Server) for the Network Card with network address
> 0011099706B4.  The following error occurred:
> The semaphore timeout period has expired. . Your computer will
> continue to try and obtain an address on its own from the network
> address (DHCP) server.
>
> The following boot-start or system-start driver(s) failed to load:
> Aavmker4
> AFD
> aswTdi
> Fips
> intelppm
> IPSec
> MRxSmb
> NetBIOS
> NetBT
> RasAcd
> Rdbss
> Tcpip
> vsdatant
>
> Looks like a fun time huh?
>
> Kim
>
> "Wesley Vogel" wrote:
>
>> Kim,
>>
>> Reboot.
>>
>> And then check on the Remote Access Connection Manager in Services,
>> it probably won't have started since you disabled it.
>>
>> --
>> Hope this helps.  Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:452BD71A-2811-4B73-AFCA-5A9930F9F063@microsoft.com,
>> TxRose <TxRose@discussions.microsoft.com> hunted and pecked:
>>> Hi Wesley,
>>>  Here are the results from what I just did in the services.msc.
>>>
>>> The Remote Access Auto Connection was already stopped, and I did the
>>> type set to disabled.
>>>
>>> The Remote Desktop Help Session Manager, was also stopped, and I did
>>> the type set to disabled.
>>>
>>> The Remote Access Connection Manager would not allow me to stop it.
>>> The type set is set to Start, but I got an error saying :
>>> Could not stop the Remote Access Connection Manager on Local
>>> Computer. Error 1053: The service did not respond to the start or
>>> control request in a timely fashion.
>>> Anyway, I did the type set to Disabled.
>>>
>>> I am not sure if I should have, but I stopped the secondary logon,
>>> and set it to disabled too.
>>>
>>> It looks like there are a lot of things there I would like to
>>> disable, but I won't without some kind of assistance first.
>>>
>>> Now, when I right click on my computer/properties/remote tab, it is
>>> unchecked to Allow Remote Assistance invitations to be sent from
>>> this computer.
>>> There was not another option listed.
>>>
>>> Kim
>>>
>>> "Wesley Vogel" wrote:
>>>
>>>> [[Remote Access Auto Connection Manager is on by default in Windows
>>>> XP Professional computers that are not members of a domain and in
>>>> Windows XP Home Edition.]]
>>>>
>>>> Open Services and disable Remote Access Auto Connection Manager...
>>>>
>>>> Start | Run | Type:   services.msc   | Click OK |
>>>> Scroll down to and double click: Remote Access Auto Connection
>>>> Manager | If the service is running, click the Stop button | When
>>>> it has stopped, under Startup
>>>> type set to Disabled | Apply | OK |
>>>>
>>>> Do the same for Remote Access Connection Manager & Remote Desktop
>>>> Help Session Manager.
>>>>
>>>> Right click My Computer | Properties | Remote tab |
>>>> Make sure that both of these are UNChecked:
>>>>  Allow Remote Assistance invitations to be sent from this computer
>>>>  Allow users to connect remotely to this computer
>>>>
>>>> Turn on a firewall.
>>>>
>>>> --
>>>> Hope this helps.  Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:E8DF3AE0-4FCB-47DB-8EEA-BAED4DBF1773@microsoft.com,
>>>> TxRose <TxRose@discussions.microsoft.com> hunted and pecked:
>>>>> I have very very strange entries in my registry and event viewer
>>>>> that are adding up to no good.
>>>>>
>>>>> I have talked with Microsoft today, and what we tried did not
>>>>> solve the problem.
>>>>> I really don't want to wait until Monday to call them back.
>>>>>
>>>>> Does anyone know where I might find where remote access connection
>>>>> manager is in the registry?
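
An added example, not part of the original posts: a Python sketch that parses the logon-failure text quoted earlier in this thread and maps its Logon Type code to the standard Windows meaning, so it is clear whether the failed attempt arrived over the network or at the machine itself. The function names and the `REMOTE_TYPES` grouping are assumptions of this example; the sample text is copied from the thread with the quote prefixes removed.

```python
import re

# Standard Windows logon type codes (documented by Microsoft).
LOGON_TYPES = {
    2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
    7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
    10: "RemoteInteractive", 11: "CachedInteractive",
}
# Assumption of this example: types that arrive over the network
# or through Terminal Services / Remote Desktop.
REMOTE_TYPES = {3, 8, 10}

# Event text as quoted in the thread, "> " reply prefixes removed.
SAMPLE = """\
Logon Failure:
  Reason:  Unknown user name or bad password
  User Name: Owner
  Domain:  OWNER-1E81AA74C
  Logon Type: 2
  Logon Process: Advapi
  Authentication Package: Negotiate
  Workstation Name: OWNER-1E81AA74C
"""

def parse_event(text):
    """Return the 'Name: value' fields of an event description as a dict."""
    fields = {}
    for line in text.splitlines():
        # Lines with nothing after the colon (the title line) are skipped.
        m = re.match(r"\s*([A-Za-z ]+?):\s*(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def triage(text):
    """Summarise where a logon failure came from."""
    f = parse_event(text)
    code = int(f["Logon Type"])
    return {
        "user": f["User Name"],
        "logon_type": LOGON_TYPES.get(code, "Unknown (%d)" % code),
        "remote": code in REMOTE_TYPES,
        # Domain equal to the workstation name means a local account
        # on the same machine that recorded the event.
        "same_host": f.get("Workstation Name", "").upper()
                     == f.get("Domain", "").upper(),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the event in this thread the result is an interactive (type 2) failure for a local account on the same host, not a network or Remote Desktop attempt.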

