Check out the Event Viewer. You should find, at the very least, information on how the computer is shut down and, depending on the application or method used, maybe even which computer the shutdown was sent from.
Quote:
See whether there are any PsTools or any other PS-related software installed on your system.
The "PS tools" don't even need to be installed on the victim's computer. I was able to (to my own surprise) view a list of processes, kill any particular process, and even shut down a remote PC of one of my friends on our office LAN using PsTools from Sysinternals. All I had was local admin-type privileges on my own PC (not the whole network).
I am not sure how to protect myself against it, though :(
Actually, DeCipher101, as far as I know the reason you could do all that was because the local administrator account and password on the two machines were the same. Also, if you shut down a PC with PsTools it leaves a trace in the event journal. If you use PsExec it installs a service on the remote computer, again with the relevant information in the event journal.
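The traces described in the post above can be looked for in an exported System log. This is an added example, not part of the thread: the event IDs, the CSV column layout, the five-minute window and PSEXESVC as the default PsExec service name are assumptions, and the log lines are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumptions (not from the thread): the event IDs, the CSV column layout and
# PSEXESVC as the service name PsExec registers by default.
SERVICE_EVENT_IDS = {7035, 7036, 7045}   # Service Control Manager start/install
SHUTDOWN_EVENT_IDS = {1074, 6006}        # shutdown requested / event log stopped
SERVICE_NAME = "PSEXESVC"

# Constructed sample export of a System log; no real hosts or users.
SAMPLE_EXPORT = """\
TimeGenerated,Source,EventID,User,Message
2004-03-01 09:12:40,Service Control Manager,7035,LAB\\student2,The PSEXESVC service was successfully sent a start control.
2004-03-01 09:12:41,Service Control Manager,7036,N/A,The PSEXESVC service entered the running state.
2004-03-01 09:12:55,USER32,1074,LAB\\student2,Shutdown of computer PC-07 initiated on behalf of user LAB\\student2.
2004-03-01 09:14:02,EventLog,6006,N/A,The Event log service was stopped.
2004-03-01 11:30:10,Service Control Manager,7036,N/A,The Print Spooler service entered the running state.
2004-03-01 17:01:00,EventLog,6006,N/A,The Event log service was stopped.
"""

def parse_export(text):
    """Return the exported rows as dicts with a typed timestamp and event ID."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["TimeGenerated"] = datetime.strptime(row["TimeGenerated"], "%Y-%m-%d %H:%M:%S")
        row["EventID"] = int(row["EventID"])
        rows.append(row)
    return rows

def find_remote_tool_traces(rows, window=timedelta(minutes=5)):
    """Pair each PSEXESVC service event with the shutdown events that follow it."""
    findings = []
    for svc in rows:
        if svc["EventID"] not in SERVICE_EVENT_IDS or SERVICE_NAME not in svc["Message"].upper():
            continue
        followed_by = [r for r in rows
                       if r["EventID"] in SHUTDOWN_EVENT_IDS
                       and timedelta(0) <= r["TimeGenerated"] - svc["TimeGenerated"] <= window]
        findings.append({"time": svc["TimeGenerated"], "user": svc["User"],
                         "event_id": svc["EventID"],
                         "shutdown_ids": [r["EventID"] for r in followed_by]})
    return findings

if __name__ == "__main__":
    for f in find_remote_tool_traces(parse_export(SAMPLE_EXPORT)):
        print(f["time"], f["user"], f["event_id"], "shutdown events:", f["shutdown_ids"])
```

The User column on the service-control event is the field to read first, since it names the account that started the service.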
Quote:
Actually, DeCipher101, as far as I know the reason you could do all that was because the local administrator account and password on the two machines were the same.
Hmmm... Maybe you are right. I don't know about the remote admin account, but the login name he used to log on had a blank password :eek:
I always suspected that, but never bothered to check his event log, so I am off to check that.
Quote:
Also, if you shut down a PC with PsTools it leaves a trace in the event journal. If you use PsExec it installs a service on the remote computer, again with the relevant information in the event journal.
Thanks, MURACU, for the info.
I don't use any chat programs.
All I do is C and VB programming, nothing else.
I don't find anything in Event Viewer.
I also don't have any access to advanced tools because we use Windows 2000.
I use a student account with no password; it's a user-level account.
Thanks for your support.
Wow guys! I am surprised that no one mentioned the use of rootkits! It sounds like someone is using the host:reboot command from Back Orifice. Try a rootkit scanner such as rootkit hunter (http://www.rootkit.nl/projects/rootkit_hunter.html)
(if you are using a Linux/Unix machine). I did not catch it -- are you using one of those or Windows?
Sorry guys! Had a bit of trouble with the HTML there!!! Here is the link!!
rootkit hunter