July 6th, 2002, 02:18 PM
User Profile Windows XP
I have been having a problem with an intrusion using my netbios. When I went and looked at system items today I noticed that on my profile panel there was the profile set up and named what I originally named it, and a second account named "unknown". Could this be part of the hack that has happened to me and can I just delete the "unknown" account?
July 6th, 2002, 04:06 PM
Disable file and printer sharing.
Go to the command line and type 'net share'.
If you do not get an error message you are vulnerable by sharing some things with the rest of the internet.
Go to services via control panel and disable 'server services'.
If you were vulnerable this is probably the result of a hack.
July 6th, 2002, 06:50 PM
hey noODle: Thanks for the tip. When I went to my admin tools to turn off "server" under services it said this will disable my browser. I don't really want to shut that off. I did run the command line and did not get an error message so I guess I do have a vulnerability. I did however shut off file and printer sharing at the admin tools level.
July 7th, 2002, 06:59 AM
You may also want to shut off Remote Assistance.
July 7th, 2002, 07:08 AM
Let me ask you something because I never understand why people have that vulnerability open: why did you even let netbios file sharing happen? And yes, definitely turn off netbios sharing, then go to http://www.grc.com and you can get a quick port scan done and see if your port 139 is open. If it is then get a firewall immediately because it looks like you may or may not have file sharing disabled.
July 7th, 2002, 01:59 PM
I had a firewall when the breach happened. In fact, that's how I know I was breached, because my Sygate Personal Firewall software gave me an alert. I own Norton System Works and a subscription to their virus upgrades. I am one of those people that does not have a lot of network information but I am learning fast. Ultimately, is there a way to just replace my ntoskrnl.exe, the file that seems to have been modified by the hack?
July 9th, 2002, 09:53 PM
The problem is: You are not a target but a means. They'll try to install remote service to have your computer participate in an attack without you knowing. Loads of 2000/XP computers are trojaned.
The people are unaware and the hacker has no interest in telling someone he has trojaned him.
With nowadays' high-speed home connections it is trivial that these home computers secure themselves. Read the DoS report on grc.com if you do not get what I am talking about.
Disabling 'server service' will not harm your browser.
'net share [cr]'
'the service name is invalid'
Remember to set it so it will not start up again at next boot.
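
An added example, not part of any post in this thread: a small Python check that reads the text printed by `net share` and reports whether the machine is still sharing anything, treating the 'service name is invalid' reply quoted above as the sign that the Server service is off. Both sample outputs are constructed for illustration, and `audit_net_share` is a hypothetical helper name.

```python
import re

# Constructed sample of `net share` output while sharing is still active.
SAMPLE_SHARING = """\
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\\WINDOWS                      Remote Admin
SharedDocs   C:\\DOCUMENTS AND SETTINGS\\ALL USERS\\DOCUMENTS
The command completed successfully.
"""

# Constructed sample: the reply quoted in the thread once the service is off.
SAMPLE_DISABLED = "The service name is invalid.\n"


def audit_net_share(output):
    """Return (server_running, hidden_shares, visible_shares)."""
    if "service name is invalid" in output.lower():
        return False, [], []          # nothing is being shared
    hidden, visible = [], []
    in_table = False
    for line in output.splitlines():
        if line.startswith("---"):    # separator under the column headers
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        if line[0].isspace():         # wrapped continuation of the previous row
            continue
        # Simplification: columns are separated by two or more spaces.
        name = re.split(r"\s{2,}", line.strip())[0]
        # Names ending in "$" are hidden shares such as C$, ADMIN$ and IPC$.
        (hidden if name.endswith("$") else visible).append(name)
    return True, hidden, visible


if __name__ == "__main__":
    for label, text in (("sharing", SAMPLE_SHARING), ("disabled", SAMPLE_DISABLED)):
        print(label, audit_net_share(text))
```

Any non-empty list in the result means the Server service is still answering, so the steps above (turn off file and printer sharing, disable the service, keep it from starting at boot) have not fully taken effect.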