Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: somebody shutsdown my pc in college

  1. #11
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    check out the eventviewer. You should find at the very least information on how the computer is shut down and depending on the application or method used maybe even from which computer the shutdown was sent from.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  2. #12
    Junior Member
    Join Date
    May 2003
    Posts
    2
    See whether there is any pstools or any other PS related softwares intalled in your system.

    The "PS tools" dont even need to be installed in the victim's computer. I was able to (to my own surprise ) view a list of processes, kill any particular process, and even shutdown a remote PC of one of my friend in our Office LAN using PSTools from sysinternals . All I had was local Admin-type priviledges to my own PC (Not the whole network).


    Am not sure how to protect myself against it, though

  3. #13
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    actually DeCipher101 as far as i know the reason you could do all that was because the local administrator account and password on the two machines were the same. also if you shutdown a pc with Pstools it leaves a trace in the event journal. If you use PSexec it installs a service on the remote computer again with the relavent information in the event journal.
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  4. #14
    Junior Member
    Join Date
    May 2003
    Posts
    2
    ctually DeCipher101 as far as i know the reason you could do all that was because the local administrator account and password on the two machines were the same.

    Hmmm....Maybe you are right. I donno about remote admin account, but the login name he used to logon had a blank password


    also if you shutdown a pc with Pstools it leaves a trace in the event journal. If you use PSexec it installs a service on the remote computer again with the relavent information in the event journal.
    I always suspected that, but never bothered to check his event log, so a I am off to check that.


    Thanks, MURACU, for the info.

  5. #15
    i dont use any chat programs
    all i do is c and vb programming nothing else
    i dont find anything in event viewer
    i also dont have any access to advance tools cause we use windows 2000
    use student account with no password its a user level account
    thanks for your support

  6. #16
    Junior Member
    Join Date
    May 2006
    Posts
    2
    Wow guys! I am surprised that no one mentioned the use of rootkits! It sounds like someone is using the host:reboot command from backorifice. Try a rootkit scanner such as <a href="http://www.rootkit.nl/projects/rootkit_hunter.html[rootkit hunter]" rel="tag">[rootkit hunter]</a>
    (if you are using a linux/unix machine) I did not catch it-- are u using one of those or windows?

  7. #17
    Junior Member
    Join Date
    May 2006
    Posts
    2
    Sorry guys! had a bit of trouble with the HTML there!!! Here is the link!!
    rootkit hunter

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •