My WinXP box got r00ted?

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    11

    Question My WinXP box got r00ted?

    Recently I noticed whenever my machine was connected to the internet it would start sending as much data as it could. After I noticed this I switched off the router it was behind and started poking around the registry and my software firewall. I noticed that my Norton Personal Firewall had had an administrator password set on it. I always set OS level passwords, but I never use application passwords. Also, I use the NT style logon for XP. I was not even able to enable the firewall (it had been disabled) because of the password. I'm not sure what would have caused this and it has driven me to a new level of paranoia. Hopefully it was spyware or an update I missed. I keep my Norton AntiVirus up to date automatically and do Windows updates every week or so. I of course totally reformatted and wiped that drive and now I am up and running like normal. Does anyone know anything that could have caused this, for example, any kind of popular malware? This is another reason I use my Apple running OS X 10.3 for anything financial or extremely private.

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I would definitely do something to re-enable your firewall, although if something was done once it can be done again. So I would do whatever you have to do to get that running, even uninstall then reinstall it. Then scan for everything you can think of, spyware/adware, viruses, registry, etc. Does anyone have physical access to your computer that would play a joke on you or would do bad things to your computer? I would also back up all your data. Just watch out for anything out of the ordinary like new folders, check your processes running via ctrl+alt+delete. There are tons of threads floating around this place on things you can do, check out the search utility. Good luck.

  3. #3
    Junior Member
    Join Date
    Oct 2003
    Posts
    11
    I reformatted my system partition after I realized it had been severely 0wn3d. I keep all my data backed up all the time on DVDs and isolated hard drives. Also, nobody has physical access to my computer. I lock it every time I get up from the desk. [Edit] New Idea: My wireless was wide open at the time. However, none of the other machines on my network have any symptoms of being rooted and the machine that was rooted does not have a wireless NIC, therefore it is not directly on the wireless section of the network. Just to call to mind another possibility.

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    123
    It's very possible that someone was able to get into your system and change the firewall password, especially if you had open ports to begin with and whoever penetrated your system simply turned off your firewall then was able to more directly access your computer. I would suggest checking this site out: https://grc.com/x/ne.dll?bh0bkyd2
    Scans your comp for ports and vulnerabilities, definitely helped me lock down my system.
    -cheers
    speak your mind because those who matter don't mind and those who mind don't matter

  5. #5
    Junior Member
    Join Date
    Oct 2003
    Posts
    11
    I think I am going to go back to running Zone Alarm Pro. I went with Norton's firewall for a while but I did notice it had a nasty habit of leaving ports open.

  6. #6
    BIOS Bomber
    Join Date
    Jul 2003
    Location
    Michigan
    Posts
    357
    Originally posted here by Pasty
    I think I am going to go back to running Zone Alarm Pro. I went with Norton's firewall for a while but I did notice it had a nasty habit of leaving ports open.
    Oh dear God no. Zone Alarm Pro sucks. Actually all of their products suck. It's not very secure, and it isn't exactly on the list of stable software either. McAfee firewall seems to work well for Windows machines. I would recommend that. You can set the number of pings, either don't allow a response, or even set a maximum number you can receive per second, and a few other things that make it worth the few bucks it costs.

    Just whatever you do, don't go back to Zone Alarm.
    "When in doubt, use Brute Force."

    Never argue with an idiot. They'll drag you down to their level, then beat you with experience.

  7. #7
    Senior Member
    Join Date
    Dec 2001
    Posts
    319
    If you're going to use a software firewall, use Sygate's. It's the best I've seen.

  8. #8
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,696
    I'll second the Sygate.

    I run it on two of my machines right now.

    Just a thought, pardon me if it's stupid, is it still considered "rooted" if it was a _Windows_ box?
    Real security doesn't come with an installer.

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Yes, Windows boxes can be rooted also. APIHijack comes to mind, but there are others.

    Pasty, a firewall doesn't just "leave" ports open. It functions according to the rules you specify. And it doesn't really sound like you got rooted, but you really haven't given enough information...it sounds more like spyware. But I could be wrong.

    Mandrake, for grins and giggles, do you have that list of stable software you are talking about? I'd like to see it, because I had some compatibility issues, but other than that, it worked just fine, easy to configure...

  10. #10
    Junior Member
    Join Date
    Dec 2003
    Posts
    29
    Umm, I have a question about the title of the thread, "My WinXP box got r00ted". I was wondering why you chose that title but you didn't mention anything about being rooted in your question? And are we thinking of the same meaning of rooting? Oh well!!!! I would definitely put your firewall back up, and I would check to see if you have any open ports. Then change your password!
    There are only 10 types of people who understand binary those who do and those who don't.
