-
May 22nd, 2006, 10:28 AM
#11
Check out the Event Viewer. You should find at the very least information on how the computer is shut down and, depending on the application or method used, maybe even which computer the shutdown was sent from.
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde (1854-1900)
-
May 22nd, 2006, 11:04 AM
#12
Junior Member
See whether there is any pstools or any other PS related software installed in your system.
The "PS tools" don't even need to be installed on the victim's computer. I was able to (to my own surprise) view a list of processes, kill any particular process, and even shut down the remote PC of one of my friends on our office LAN using PsTools from Sysinternals. All I had was local Admin-type privileges on my own PC (not the whole network).
I am not sure how to protect myself against it, though.
-
May 22nd, 2006, 11:10 AM
#13
Actually, DeCipher101, as far as I know the reason you could do all that was because the local administrator account and password on the two machines were the same. Also, if you shut down a PC with PsTools it leaves a trace in the event journal. If you use PsExec it installs a service on the remote computer, again with the relevant information in the event journal.
-
May 22nd, 2006, 11:39 AM
#14
Junior Member
Actually, DeCipher101, as far as I know the reason you could do all that was because the local administrator account and password on the two machines were the same.
Hmmm... Maybe you are right. I don't know about the remote admin account, but the login name he used to log on had a blank password.
Also, if you shut down a PC with PsTools it leaves a trace in the event journal. If you use PsExec it installs a service on the remote computer, again with the relevant information in the event journal.
I always suspected that, but never bothered to check his event log, so I am off to check that.
Thanks, MURACU, for the info.
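The event-log check discussed in the posts above, as an added example that is not part of the original thread: it scans exported System log records for shutdowns requested from another machine and for PsExec service activity. The records are constructed samples; the event IDs (1074 for a shutdown request, 7035/7036/7045 for Service Control Manager activity, of which 1074 and 7045 are logged by Windows versions newer than Windows 2000) and the default service name PSEXESVC are assumptions not stated in the thread.

```python
import re

# Constructed sample records, shaped like rows exported from the Windows System log.
SAMPLE_EVENTS = [
    {"id": 6005, "source": "EventLog", "message": "The Event log service was started."},
    {"id": 7045, "source": "Service Control Manager",
     "message": "A service was installed in the system. Service Name: PSEXESVC "
                "Service File Name: %SystemRoot%\\PSEXESVC.exe"},
    {"id": 7036, "source": "Service Control Manager",
     "message": "The PSEXESVC service entered the running state."},
    {"id": 1074, "source": "User32",
     "message": "The process C:\\Windows\\system32\\shutdown.exe (LAB-PC07) has initiated "
                "the shutdown of computer LAB-PC12 on behalf of user LAB-PC07\\student "
                "for the following reason: No title for this reason could be found"},
    {"id": 1074, "source": "User32",
     "message": "The process Explorer.EXE (LAB-PC12) has initiated the power off of computer "
                "LAB-PC12 on behalf of user LAB-PC12\\student for the following reason: "
                "Other (Unplanned)"},
]

# Assumed 1074 layout: "The process <proc> (<origin>) has initiated the <action>
# of computer <target> on behalf of user <user> ..."
SHUTDOWN_RE = re.compile(
    r"The process (?P<proc>.+?) \((?P<origin>[^)]+)\) has initiated the "
    r"(?P<action>.+?) of computer (?P<target>\S+) on behalf of user (?P<user>\S+)",
    re.IGNORECASE)
SERVICE_IDS = {7035, 7036, 7045}  # control sent / state change / service installed


def triage(events, service_name="PSEXESVC"):
    """Return findings for remotely requested shutdowns and PsExec service activity."""
    findings = []
    for ev in events:
        msg = ev["message"]
        if ev["id"] == 1074:
            m = SHUTDOWN_RE.search(msg)
            # An origin that differs from the target means another machine sent the request.
            if m and m["origin"].lower() != m["target"].lower():
                findings.append(("remote_shutdown", m["origin"], m["user"], m["action"]))
        elif ev["id"] in SERVICE_IDS and service_name.lower() in msg.lower():
            findings.append(("psexec_service", ev["id"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The PsExec service name can be changed by whoever runs it, so an empty result for PSEXESVC does not rule the tool out; any unexpected service install around the time of a shutdown is worth a look.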
-
May 22nd, 2006, 11:47 AM
#15
Junior Member
I don't use any chat programs.
All I do is C and VB programming, nothing else.
I don't find anything in Event Viewer.
I also don't have any access to advanced tools because we use Windows 2000.
Use student account with no password; it's a user-level account.
Thanks for your support.
-
May 23rd, 2006, 12:30 AM
#16
Junior Member
Wow guys! I am surprised that no one mentioned the use of rootkits! It sounds like someone is using the host:reboot command from Back Orifice. Try a rootkit scanner such as rootkit hunter (http://www.rootkit.nl/projects/rootkit_hunter.html) if you are using a Linux/Unix machine. I did not catch it: are you using one of those or Windows?
-
May 23rd, 2006, 12:34 AM
#17
Junior Member
Sorry guys! Had a bit of trouble with the HTML there! Here is the link!
rootkit hunter