
Thread: Help remove cracker

  1. #11
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Drive light blinking can have other reasons. One of them being the indexing service. The other being the virus scanner.. Or even pagefile swapping..

    Unplug it from the internet and see if it's still blinking.. Or look at your network traffic.. Configuration -> Network Connections. Double click the active network connection. Look at bytes transferred/received..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  2. #12
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    splatch: Try Blacklight by f-secure... and also rootkit revealer at www.sysinternals.com. Do a port scan on your friend's computer... look for any odd ports... if you see one, google it to find out what different possibilities there are for that port being open.

    westin
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #13
    Junior Member
    Join Date
    Jan 2006
    Posts
    4

    Post

    Hi splatch,

    If the hard drive light is on continually, then there is probably a lot of disk I/O going on. I would download "Filemon" from SysInternals (http://www.sysinternals.com/Utilities/Filemon.html) and have a look. Filemon should tell you exactly what's being read and written to on the disk, in real time. A very useful tool.

    And if you really suspect someone (a cracker) is on the system, do a "netstat -n" at the command prompt and look for any suspicious established connections.

    - Uncle D
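
    The two checks suggested in #12 and #13 (odd listening ports, suspicious established connections) can be done from one `netstat -an` capture rather than eyeballing it. The following is an added example, not code posted by anyone in this thread: it parses the table Windows netstat prints and flags TCP listeners outside a baseline of expected ports, plus ESTABLISHED connections whose far end is not on the LAN. The sample output, the baseline port set and the "LAN" definition are assumptions for illustration; adjust the baseline to the machine you are looking at. Note that #13 says `netstat -n`, which on Windows shows only active connections; `-an` adds the listening sockets that #12's port-scan advice is after.

```python
"""Triage of Windows `netstat -an` output: unexpected listeners and outbound connections.

Added example for this thread; it is not code posted by any participant.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of Windows XP `netstat -an` output. Addresses come from the
# RFC 1918 and RFC 5737 documentation ranges; nothing here was captured from a
# real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1039       198.51.100.20:80       ESTABLISHED
  TCP    192.168.1.5:1044       203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.5:1051       192.168.1.1:139        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:1900         *:*
"""

# Hypothetical baseline: TCP ports a stock XP workstation of that era normally
# listens on (RPC endpoint mapper, NetBIOS session, SMB, DCOM's ephemeral
# listener). Anything else is an "odd port" in the sense of post #12.
EXPECTED_TCP_LISTENERS = {135, 139, 445, 1025}

# Address space we treat as "ours": RFC 1918, loopback, link-local. Checked
# explicitly rather than via IPv4Address.is_private because the stdlib also
# classes the RFC 5737 documentation ranges used in the sample as private.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass(frozen=True)
class Conn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: Optional[str]    # None for UDP's "*:*"
    remote_port: Optional[int]
    state: str                  # "" for UDP rows, which carry no state


def _endpoint(text: str):
    """Split 'ip:port' into (ip, port); '*:*' has neither."""
    if text == "*:*":
        return None, None
    ip, _, port = text.rpartition(":")
    return ip, int(port)


def parse_netstat(text: str) -> List[Conn]:
    """Turn the table part of Windows netstat output into Conn records."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local, remote = fields[0], fields[1], fields[2]
        state = fields[3] if len(fields) > 3 else ""
        lip, lport = _endpoint(local)
        rip, rport = _endpoint(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state))
    return conns


def is_local(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def unexpected_listeners(conns, baseline=EXPECTED_TCP_LISTENERS) -> List[Conn]:
    """TCP sockets in LISTENING state on ports outside the baseline."""
    return [c for c in conns
            if c.proto == "TCP" and c.state == "LISTENING"
            and c.local_port not in baseline]


def external_established(conns) -> List[Conn]:
    """ESTABLISHED TCP connections whose far end is outside the LAN."""
    return [c for c in conns
            if c.state == "ESTABLISHED" and c.remote_ip and not is_local(c.remote_ip)]


def triage(text: str) -> dict:
    conns = parse_netstat(text)
    return {
        "unexpected_listeners": unexpected_listeners(conns),
        "external_established": external_established(conns),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_NETSTAT)
    for c in report["unexpected_listeners"]:
        print(f"LISTENING on unexpected port {c.local_port} ({c.local_ip})")
    for c in report["external_established"]:
        print(f"ESTABLISHED {c.local_ip}:{c.local_port} -> {c.remote_ip}:{c.remote_port}")
```

    On the constructed sample this reports the listener on 31337 and the two connections leaving the 192.168.1.0/24 network; the connection to 192.168.1.1:139 is a LAN file share and stays quiet. An unexpected hit is a lead, not a verdict: pair the port with the owning process (`netstat -ano` on XP gives the PID) before deciding what it is.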

  4. #14
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    Originally posted here by splatch:
    They had 4 users passworded on my Norton, none of them were me. Eventually my system was under their total control. I was madly copying files onto CD, trying to get proof onto CDs, when they shut down my CD and DVD ROMs. I use Linux now, it's hard, but I hate M$.
    I smell a rat. Why would you leave your machine on the internet if you knew it was under their control?

  5. #15
    Senior Member ShippMA's Avatar
    Join Date
    Oct 2002
    Posts
    165
    I'm with Nihil on this one,

    The biggest problem I find with non computer savvy people is that they just leave them on all the time. If it's not in use pull the plug!

    My cable modem comes with a standby button so when I'm not using the connection, I just turn it off. The very first thing that I would do for your friend is to check for a standby button on the connection, and if it doesn't have one then make sure that they know how to pull the connection out when they're not using the net. This can either be at the wall or behind the back, and if neither of those are accessible, buy a second cable, one from the wall, one from the PC, make sure both are long enough to reach to the open and then you can disconnect there. Cheap as chips!

    You'll find that if these people don't have ready access to the PC, depending on what they are using it for, they might just move on to some other poor schmuck. Once that is done you then need to start cleaning. Make sure that you are not connected while cleaning, duh, and then post a HJT log so people here can look at it.

    I had a 900MHz with only 256MB of RAM that ran like a dog with XP Pro (nothing else loaded, just XP). I then stuck another 256 in and it runs like a dream now. So with Norton etc. loaded your 500MB could easily be taken up. Do you hear the hard drive churning a lot? If so you definitely need more RAM; basically if you hear it churning regularly it means your RAM is full, if it's silent then the RAM is probably enough. Also go and find a RAM monitor, that way you can tell.

    Anyway good luck with it.
    www.simpleits.co.uk
    www.tazforum.**********.com
    Google is god ....... of the Internet

  6. #16
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    That is a lot of machine, though I am not sure you know exactly what it is
    ... 500MB RAM ...
    Is that accurate? All guesstimates need to be stated as such for accurate analysis; failure to do so indicates a lack of understanding. But to what extent also needs to be understood.

    Well, the activity light in front is on all the time.
    What is meant by this ???

    Is it the hard drive light? Or is it an ethernet connection?

    If it is the hard drive light, it could be a hard drive problem, a software problem, or include the below.

    If it is an ethernet connection light, it could be a software problem, indication that the box has been rooted, is being used as a remote bot, a proxy, a spammer, etc., or normal activity ..... my cable connection receives constant incoming connection requests, scans, broadcasts, etc.

    If it has been rooted ....... reformat, reinstall, period.

    If not, post the logs ( which you haven't to this point ) and maybe someone could actually help.
    "And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  7. #17
    Junior Member
    Join Date
    Jan 2006
    Posts
    18
    Well, the activity light in front is on all the time.
    There are a few things that could mean. IKnowNot covered a couple of them, but have you thought of just the basic stuff, i.e. a virus scan? I know you said she hasn't done anything, but almost every machine has a basic virus scanner (Norton, McAfee) that comes with the computer; are you sure that is not running in the background?

    I would not jump to a conclusion and say that there is someone on there tinkering. But I would pull the plug on the system, get off all important files, and try to save what is remaining with the OS if XP is needed. Finally, the best way to run a "gremlin" scan is in safe mode.
    Done.

  8. #18
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    start > run > msconfig

    MS help here
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone
