User Profile Windows XP
Results 1 to 7 of 7

Thread: User Profile Windows XP

  1. #1
    Junior Member
    Join Date
    Jul 2002
    Posts
    11

    User Profile Windows XP

    I have be having a problem with an intrusion using my netbios. When I went and looked at system items today I noticed that on my profile panel there was the profile set up and named what I originally named it, and a second account named "unknown". Could this be part of the hack that has happed to me and can I just delete the "unknown" account?

  2. #2
    disable file and printer sharing.
    go to the command line and type 'net share'.
    if you do not get an error message you are vulnarable by sharing some things with the rest of the internet.
    Go to services via control panel and disable 'server services'.
    If you were vulnarable this is probably the result off a hack.

  3. #3
    Junior Member
    Join Date
    Jul 2002
    Posts
    11
    hey noODle: Thanks for the tip. When I went to my admin tools to turn off "server" under services it said this will disable my browser. I don't really want to shut that off. I did run the command line and did not get an error message so I guess I do have a vulnerability. I did however shut of file and printer sharing at the admin tools level.

  4. #4
    Junior Member
    Join Date
    Aug 2001
    Posts
    5
    You may also want to shut off Remote Assistance.
    [glowpurple]My only fear of death is coming back to this bitch reincarnated![/glowpurple]

  5. #5
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Let me ask you something because I never understand why people have that vulnerability open, why did you even let netbios file sharing happen? And yes, definitely turn off netbios sharing then goto http://www.grc.com and you can get a quick port scan done and see if your port 139 is open. If it is then get a firewall immediately because it looks like you may or may not have file sharing disabled.

  6. #6
    Junior Member
    Join Date
    Jul 2002
    Posts
    11
    I had a firewall when the breach happened. In fact, that's how I know I was breached because my Sysgate Personal Firewall software gave me an alert. I own Norton System Works and a subscription to their virus upgrades. I am one of those people that does not have a lot of network information but I am learning fast. Ultimately, is there a way to just replace my ntoskrnl.exe the file that seems to have been modified by the hack?

  7. #7
    The problem is: You are not a target but a means. They'll try to install remote service to have your computer participate in an attack without you knowing. Loads of 2000/XP computers are trojaned.
    The people are unaware and the hacker has no interest in telling someone he has trojaned him.
    With nowadays highspeed home connections it is trivial that these home computers secure themselves. Read the DoS report on grc.com if you do not get what i am talking about.




    Disableling 'server service' will not harm your browser.
    'net share [cr]'
    'the service name is invalid'
    remember to set it so it will not start up again at next boot.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •