FortKnox's Journal: The Result of the Computer Fiasco
Well, the 'old' computer wouldn't start because the video card was burnt out. GeForce4 and the fan wasn't working. Installed new video card and voila.
The 'new' computer had 6 reported viruses:
I-Worm/Woff
Dropper.small
Backdoor.Fudoor
Downloader.Rameh
Worm/Ihit
Win32/Resur
Don't bother. Symantec doesn't have any info on them.... neither does Grisoft (AVG people)...
The only clue was when I attempted to shut down, 2 people were connected to my computer (at least the shutdown said that). I couldn't load up anything to check who it was, so I hit the power button instead of shutting down, did the 'last ditch effort' of loading up my machine with the 'last successful config', and everything worked peachy... so peachy, in fact, that I'm quite scared. I installed the latest virus definition update, rescanned everything... nothing found.
No idea what happened. A prank? I'm sitting behind a router, firewall, and antivirus... pretty sophisticated prank.
Any clue at all??
More info? (Score:2)
What firewall are you using? What do the firewall logs say about connections at the time Windows Shutdown reported 2 users?
My guess is you've been cracked. Firewall logs should contain clues.
Yuri
Might have been in ram, but... (Score:2)
Time to rebuild and change all your passwords! FDISK purifies and redeems...
You might (Score:2)
You did run windows update [microsoft.com] recently, right?
As a matter of keeping people from connecting to your resources, make sure port 135 is blocked at the firewall/router. For fun, run some "shields up [grc.com]" goodness to find out what else is open.
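Yuri's suggestion and the advice above both come down to reading the firewall log for the minutes around the shutdown and looking at what reached the Windows RPC/file-sharing ports. The script below is an added example, not code from the thread: the log format, the host address and the timestamps are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a generic "date time ACTION PROTO src:port -> dst:port"
# format; any real firewall log would need its own regex in LINE_RE.
SAMPLE_LOG = """\
2003-09-14 22:41:03 ACCEPT TCP 203.0.113.7:1034 -> 192.168.1.10:135
2003-09-14 22:41:05 ACCEPT TCP 203.0.113.7:1035 -> 192.168.1.10:445
2003-09-14 22:43:10 DROP TCP 203.0.113.9:2200 -> 192.168.1.10:135
2003-09-14 22:50:00 ACCEPT TCP 192.168.1.10:1200 -> 198.51.100.3:80
2003-09-14 23:12:44 ACCEPT TCP 203.0.113.9:3311 -> 192.168.1.10:139
"""

LINE_RE = re.compile(r"^(\S+ \S+) (ACCEPT|DROP) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")
# RPC endpoint mapper plus NetBIOS/SMB: the ports the comment says to block at the router.
WATCH_PORTS = {135, 137, 138, 139, 445}


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, proto, src, sport, dst, dport = m.groups()
    return {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "action": action,
            "proto": proto, "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}


def suspicious_inbound(log_text, host_ip, shutdown_time, window_minutes=15):
    """Accepted inbound connections to host_ip on a watched port within +/- window_minutes
    of shutdown_time. Returns (time string, source address, destination port) tuples."""
    lo = shutdown_time - timedelta(minutes=window_minutes)
    hi = shutdown_time + timedelta(minutes=window_minutes)
    hits = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["action"] != "ACCEPT":
            continue  # skip unparseable lines and connections the firewall already blocked
        if ev["dst"] == host_ip and ev["dport"] in WATCH_PORTS and lo <= ev["time"] <= hi:
            hits.append((ev["time"].strftime("%H:%M:%S"), ev["src"], ev["dport"]))
    return hits


if __name__ == "__main__":
    when = datetime(2003, 9, 14, 22, 45)  # constructed: the moment shutdown reported 2 users
    for t, src, port in suspicious_inbound(SAMPLE_LOG, "192.168.1.10", when):
        print(f"{t}  {src} -> port {port}")
```

Dropped connections are skipped on purpose; widen the filter if you also want to see who was probing but got blocked.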
Re:You might (Score:2)
-Ab
Just an idea... (Score:2, Interesting)
It's not hard to make stuff like that work correctly, but.. um, how can I delicately say this? I have worked with Windows app developers and.. well.. while I'm sure there are very bright people working on this stuff, you never quite know what you're going to get. Sometimes missing some r
hmmm (Score:2)
The machine was up-to-date with Windows security updates, I assume?
icky (Score:1)
I'd look at what was downloaded recently, from where, etc. Makes me glad the last desktop I downloaded was a jpeg that wasn't compressed, zipped, etc.
Re:icky (Score:2)
I once thought that way as well, but when I downloaded the latest "super uber 31337" version of sub7 to see what new tricks it comes with, there was a nifty binding program that could bind the server to nearly any filetype and run it on opening, including images, office files, zips, even text documents.
It was also somewhat disturbing just how customizable the server program is for launching a sophisticated attac
Re:icky (Score:2)
-Ab
Random security advice (Score:2)
"root" and "user" -- or "God" or "admin" or "l33t" even.
It makes it just that little bit harder to break in.
Run Linux? (Score:2)
Re:Run Linux? (Score:2)
The windows box is there to be a windows box. It's where I put all my windows apps (games, visual studio, etc...).
I have a windows box here too, but it rarely gets turned on as I do most everything under linux and firing up VMWare is easier than firing up the windows box when I need photoshop or to browse some IE only site.
Basically it's worth getting to the point that you don't care when your windows clie