win2000 security

[ard]

i tried to find the answer in those threads but i couldn't.
running win2000 sp4
anyways: i was talking to my friend and he told me that he can browse my files. i told that he must be kidding but then he sent me a screenshot, where i saw my files. this sounds idiotix but i couldn't bleieve it. no files were shared, there were no other users, no opened ports, no viruses, nothing suspicious but he could browse my files...
i just want to ask how could it happen? i have DL'ed all critical upadates, the system was installed for about one week.
i thought that i wasn't a newbie on MS platforms but that proved me that i'm wrong.
any comments how could it be possible?

[Soda_Popinsky]

If your updates are there:

1. You have netbios enabled
2. You have a trojan
3. He knows your password

I doubt they have a zero day.

Get rid of the virus here:
http://www.antionline.com/attachment...achmentid=4913

If it's customized virus, use TCPView or FPort and HijackThis, and Ethereal to try and nail it. Netbios can be turned off in your network connection properties, and change your password too.

Theres probably other ways but I bet it's a trojan.

[ard]

anyways win2000 with it's sp4 doesn't seem to be very secure...
i couldn't have any trojans and he couldn't knew my password.
netbios wasn't disabled on my pc.
can you tell me about netbios? is it an utility to manage network or it is other MS's utility that could be hacked?

[Soda_Popinsky]

First, why do you think you couldn't have a virus?

Netbios is for file sharing, google can tell you more about it than I can. Disable it if you dont use or need it, it's done in the network connection properties.

Maybe if you showed us the screenshot, we can tell what they are using to view your files.

[ard]

i didn't run any executables that can contain trojans. i scanned it with all antiviruses i had... i cant be a virus. maybe netbois is vulnerable because i didn't use a firewall. i thought that win2000 with sp4 was secure. LOL.
i'll upload screenshot later i can't find it at the moment.

[pooh sun tzu]

i thought that win2000 with sp4 was secure.

It is secure. It's secure for people who know how to properly use it.

[Soda_Popinsky]

i didn't run any executables that can contain trojans. i scanned it with all antiviruses i had... i cant be a virus. maybe netbois is vulnerable because i didn't use a firewall. i thought that win2000 with sp4 was secure. LOL.
i'll upload screenshot later i can't find it at the moment.

1. It is a gross misconception that a virus requires a user doubleclicking an attachment or any executable for that matter to be loaded or installed. You can get a virus from simply sitting on the internet.
2. Netcat will not be picked up by a virus scanner, neither will VNC or Remote Desktop or any homemade backdoor. Your virus scanner is 1 step in the diagnostic process.
3.

i thought that win2000 with sp4 was secure.

Unfortunately, this is your fault, not the OS's fault. 99% of security breaches are result of the user.

[Maverick811]

Let me ask you this - what is your network setup? Are both of your PC's part of the same domain - I'm the administrator on my domain at work and I can use the domain administrator account to gain access to any user's PC on my network at anytime I wish. Not sure what kind of screen shot he gave you (for example: a Windows Explorer view or perhaps a command line view) - if command line, I can use 'psexec' from www.sysinternals.com to gain a command line on my users PC's.

Just some thoughts... Let me know your setup, and we can go from there...

[yourdeadin]

welll i have a theory ,may be he has a key logger installed in you system (some keyloggers send out screen shots and the log file through email too) check out for a keylogger

i'll put up a link for such kind of keylogger,ive seen it but never used it though

[rapier57]

One thing I noticed no one mentioned: FAT32. Is the system in question using NTFS or FAT32. FAT32 has no file or folder security, to speak of, so a browser can vew the file structure of a system that has no firewall or other security in place.

Convert the disk if it is FAT32, then see if your friend can view your file structure. If he can still view the file structure, check that he does not have a local account on the system. Right-click My Computer, select Manage, Local Users and Groups, and look at what is in the Users.

In Groups, check that your own local account and the local admin are the only members of Administrators.