-
January 17th, 2005, 08:00 PM
#1
Senior Member
been hacked
As I was reviewing the AnitVirus logs on the server this am I found some interesting stuff happened over the weekend.
remadm-remoteadmin -- raddrv.dll
remadm-remoteadmin -- admdll.dll
remadm-remoteadmin -- nvsvc.exe
does anyone know what those belong too. We found a couple of dameware services and such enabled as well.
They pretty much turned off every service, and than turned it back on before they left.
Nice of them since they crashed exchange while they were doing whatever.
I got the guys IP and hostname and it appears its someone from paris france who had a static IP. Is there anything I can do beside contact the ISP who propabaly doesn't give a dam?????
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|