-
I would get to know the Sysinternals line of tools. Get some of their free tools, like the tcpview, or the pstools, and the procexp.
Also get and learn to use Cain from Oxid.it. These will let you know who knocks and who comes in.
My guess is that you're panicking a bit and that your PC just got infected with a lot of adware, malware and similar. Be more cautious downloading and installing free stuff. Get to know your services (disable the useless ones) and your registry, and you'll have a better grip on your box.
-
Quote:
Originally posted here by groovicus
Mandrake, for grins and giggles, do you have that list of stable software you are talking about? I'd like to see it, because I had some compatibility issues, but other than that, it worked just fine, easy to configure...
Even though I've used ZoneAlarm (years ago) in the past without problems, with all the reports coming from people on AO, I would not trust it; too many people have personally made statements on how unstable it can make your machine. But here are some polls from broadband/dslreports.com. Groovicus, I've been coming here for a while: http://www.dslreports.com/forum/security,1 . Just hit on the polls and reviews to the right of the K9 units.
-
I never heard of Windows having a root account.
-
There are so many wonderful posts here that show people what steps to take no matter what phase you're in, from prevention to forensics. A packet capture of the flurry of traffic you stated your box was sending would have been useful, as well as firewall logs and Windows auditing logs if those were enabled. Better luck next time I guess.
-
I will second the notion of using McAfee's firewall software; it works very well and keeps things locked down. If you are using Windows you always have to be prepared to protect it because Windows is so easy to mess with. Now if you use FreeBSD that changes.
-
As for the ranting about Windows not having a root account, I know. When I use rooted I mean owned by someone other than me. I'll try out everything other than ZoneAlarm to try to lock down my machine. I know Windows is horrible on security, that is why I run Unix based Mac OS X for anything crucial. I also don't think it was any popular spyware because after it was happening Spybot Search & Destroy and AdAware 6 (both updated with the latest definitions) found nothing.
-
Did you have SQL server running on your machine? I know that SQL server will sometimes suck all your bandwidth trying to broadcast as fast as it can. Just an idea.
Adiz
-
If it is enabled by default in XP Pro, probably; I never turned off any services. But that still doesn't explain the password being set on my firewall. Any recommendations on what specific services can be disabled?
-
I'm going to go through the routine: someone asks about what services to disable in XP, then I say, go to www.blackviper.com, it is a really good site that helps you get rid of unnecessary services. Go there and feel better about your system.