I looked into what secedit does. It is a command line utility to apply a security setting template to a win2k box.
So I compared my (assumed altered) security settings to my win2k box here at work.
The only difference was that it took my computer off the local network (removed all entries from 'access this computer from the network' under local policies\user rights assignment)
I don't get why it would do that - i would have thought it would try to open up more access-
i think it would be to protect there source so that no one else could hack it on them. there is probly a .conf file somewere in that folder possibly in discuse, look at all the .confs and .ini files and the ones that look wrong well, guess what.
Ah fuckit just format the bitch and start over by the time you download all the crap they suggest and do all the reg ediitng youd have a nice clean setup
SOme had him serving definatly because he was connected to an IRC server (hence 216.127.67.188:6667). For those who don't no 6667 is one of the default ports for mIRC(not trying to sound smart I'm just informing.) Some one probably got you on a no Admin password, saw you had alot of bandwidth, and boom used you as a XDCC. If you think you removed it, restart and do as I said before with the netstat, if there us nothing connected to port 6667 (:6667) hopefully it is gone.
PS: Go into command and DIR the local drives recycled folder (usually c:\recycled) and see what you see in there and explore any other folders that don't have the prefix DCxx (xx represents numbers). Usually when they have you as an XDCC they store files in the recycled folder because not many people look in that folder to see physicly whats there. Popping it up by clicking it on the desktop is not ALL the files thats in that folder.
Hope you fixed it, so you don't have anyone coming after you for pirated software since your a business and all.
It was not my work machine that had the trojan - its my home machine (I was just doing the analysation from work via PCAnywhere to my home machine - there is definitely no security holes or accounts with no pw - )
I checked in the recycle folders and nothing weird. Its defintitly gone - I got rid of it a long time ago (all it took was removing the registry key) -
About being used to serve files - That may have been the intent, but it never happened - My bandwidth has not been used when I'm not using it (cable modem, can see the lights)
To the dudes who suggest formatting c: - don't be idiots - I only needed to delete one file, one registry entry, and change back a security setting - that took < 30 min (including analysis time) whereas getting my machine back to its current state with everything installed would take many hours
Originally posted by illmatic36
SOme had him serving definatly because he was connected to an IRC server (hence 216.127.67.188:6667). For those who don't no 6667 is one of the default ports for mIRC(not trying to sound smart I'm just informing.) Some one probably got you on a no Admin password, saw you had alot of bandwidth, and boom used you as a XDCC. If you think you removed it, restart and do as I said before with the netstat, if there us nothing connected to port 6667 (:6667) hopefully it is gone.
PS: Go into command and DIR the local drives recycled folder (usually c:\recycled) and see what you see in there and explore any other folders that don't have the prefix DCxx (xx represents numbers). Usually when they have you as an XDCC they store files in the recycled folder because not many people look in that folder to see physicly whats there. Popping it up by clicking it on the desktop is not ALL the files thats in that folder.
Hope you fixed it, so you don't have anyone coming after you for pirated software since your a business and all.
You should set up a login account for her with regular user access and don't give her your own account passwords. That won't necessarily prevent all of that, but it could reduce it quite a bit.Originally posted by joe_90
i have a simular problem if anyone knows how to solve.
my misses managed to install about 10 shite spyware things in about 20 mins surfing for mp3's. ABout the only time she used the damn computer she fucked it..
anyway my taskmanager in w2k now only shows the Applications tab and not the processes or menus.. anyone know how to change it back. i have removed all the software..
One thing I wish they would have implemented in 2k is the ability to control group policy locally in the same way you can do in a domain. It's a bit limited as it is.
Run adaware to get rid of most of that crap. I don't know about the task manager problem though... never seen that.
well they got access to your machine somehow to put the server on so deleting that reg key stopped it for now but make sure you know how they got in and seal it up
Or, you could just sit back, relax, and let them send you warez. Problem solved.
Originally posted by jack_black
format c:
Posting Permissions
Reply With Quote
Social Networking Bookmarks