As I was reviewing the AntiVirus logs on the server this AM, I found some interesting stuff happened over the weekend.


remadm-remoteadmin -- raddrv.dll
remadm-remoteadmin -- admdll.dll
remadm-remoteadmin -- nvsvc.exe

Does anyone know what those belong to? We found a couple of DameWare services and such enabled as well.

They pretty much turned off every service, and then turned it back on before they left.
Nice of them, since they crashed Exchange while they were doing whatever.

I got the guy's IP and hostname, and it appears it's someone from Paris, France who had a static IP. Is there anything I can do besides contact the ISP, who probably doesn't give a damn?