somebody shutsdown my pc in college

Printable View

May 20th, 2006, 07:59 AM
firozahmed143

somebody shutsdown my pc in college

somebody shutsdown my pc in college from network how to stop it can someone helpme my work has been lost so many times this happens to other students also but only few some nasty people do this how to stop it i dont know please help
May 20th, 2006, 08:59 AM
Chazwazza1337

Well, if there is a timer before the computer shuts down, e.g 20 Seconds, you can goto the command prompt and type: "shutdown -a" (minus quotes) to cancel it. (XP only I think)

This happens to me too, I'm not sure of any preventetive measures that can be taken though... Maybe a service that can be disabled? Although that may break other network functionality.
May 20th, 2006, 09:18 AM
nihil

What applications are you running when this happens?

What work are you losing (what application is it in)

Are you running P2P chat programs?

If someone has somehow obtained administration rights over the network I think that your systems admins should be told about it.

:)
May 20th, 2006, 11:00 AM
Williams Antony

Hi firozahmed143,

See whether there is any pstools or any other PS related softwares intalled in your system.

The one who is doin all these may be well aware of the programs that are running in your system. Ofcourse they can!!!

You can know more about the shutdown porcess by following this link.

http://www.sysinternals.com/utilities/psshutdown.html

Am not sure whether they are using this tool or not, but still a little help from my side.

Regards,
:) Williams Antony. :)

....."A Bend In The Road Is Not The End Of The Road......

Unless You Fail To Make The Turn. "...
May 20th, 2006, 11:28 AM
rmlj63

Just one question you did say this is your computer not belonging to the college? You may need to contact the system admin from the college and see if he/she even knows about the problem. Chances are that they do know about it. If it is a college computer then could secure it for you or at least start tracking who and how this is being done.

Now if this is your personal computer then:

You are going to have to secure your computer a lot better than it is right now. I would start with a firewall and antivirus. You can find these in the download section on the right hand side of the Antionline homepage. I would suggest Zonealarms or Tiny for firewall and which ever antivirus you like I like panda myself.

One thing you may think about is that it could be a virus not just some guy on the network. Especially since it has happened to multiple people. Just food for thought.

Hope this helps.
May 20th, 2006, 10:40 PM
Jareds411

Firo, make sure you have the "terminal service" disabled. There's a command 'tsshutdn' that people on your LAN can use to shut down your PC if it's on the same LAN.
May 21st, 2006, 05:29 AM
firozahmed143

first thanks for your support

pc is of college
there are few smart students who secured admin password from professors
they do this over network and ultimately a lot of other people suffer cause they have not saved thier work and no one will take action against them we also reported it i will try your suggestions thanks other suggestions are welcome

thanks 4 your support
May 21st, 2006, 10:56 AM
nihil

Hi firoz~

The reason I asked you about what applications you were using to work in, is that there are utilities to automatically save your work to your local machine on a regular basis. This might at least limit the damage? You will need to be able to save onto some sort of portable media though.

I mentioned P2P because there are "booters" and "nukers" which are malicious programs that specifically terminate you :( This does not seem to be your problem though.

Might I respectfully suggest that you invest in a cricket bat :eek:
May 21st, 2006, 04:13 PM
Relyt

Hey firoz,

From a different view...

Before reporting them, you first need to make sure that you are not assisting in their decision to shut you down. The point I am hoping to arrive at is to make sure you are in absolute compliance with the AUP you agreed to early on. Then report any further incidents. Otherwise, if you are visiting sites that are not approved, if you are using instant messaging programs during class, etc., etc., etc.; then your creditability may be worthless and you may be the cause of the shutdowns. The very students you want to report may have been assigned to monitor the network activity and to shutdown any non-compliant students.

cheers
May 21st, 2006, 05:52 PM
SicWitIt

Just FYI, nay to all of you who are attempting to respond to such an open ass question. There is no possible way with the given information that you would have been able to make sense of that from

Quote:

somebody shutsdown my pc in college from network how to stop it can someone helpme my work has been lost so many times this happens to other students also but only few some nasty people do this how to stop it i dont know please help

.
May 22nd, 2006, 10:28 AM
MURACU

check out the eventviewer. You should find at the very least information on how the computer is shut down and depending on the application or method used maybe even from which computer the shutdown was sent from.
May 22nd, 2006, 11:04 AM
DeCipher101

Quote:

See whether there is any pstools or any other PS related softwares intalled in your system.

The "PS tools" dont even need to be installed in the victim's computer. I was able to (to my own surprise ) view a list of processes, kill any particular process, and even shutdown a remote PC of one of my friend in our Office LAN using PSTools from sysinternals . All I had was local Admin-type priviledges to my own PC (Not the whole network).

Am not sure how to protect myself against it, though :(
May 22nd, 2006, 11:10 AM
MURACU

actually DeCipher101 as far as i know the reason you could do all that was because the local administrator account and password on the two machines were the same. also if you shutdown a pc with Pstools it leaves a trace in the event journal. If you use PSexec it installs a service on the remote computer again with the relavent information in the event journal.
May 22nd, 2006, 11:39 AM
DeCipher101

Quote:

ctually DeCipher101 as far as i know the reason you could do all that was because the local administrator account and password on the two machines were the same.

Hmmm....Maybe you are right. I donno about remote admin account, but the login name he used to logon had a blank password :eek:

Quote:

also if you shutdown a pc with Pstools it leaves a trace in the event journal. If you use PSexec it installs a service on the remote computer again with the relavent information in the event journal.

I always suspected that, but never bothered to check his event log, so a I am off to check that.

Thanks, MURACU, for the info.
May 22nd, 2006, 11:47 AM
firozahmed143

i dont use any chat programs
all i do is c and vb programming nothing else
i dont find anything in event viewer
i also dont have any access to advance tools cause we use windows 2000
use student account with no password its a user level account
thanks for your support
May 23rd, 2006, 12:30 AM
agent-prie$t

Wow guys! I am surprised that no one mentioned the use of rootkits! It sounds like someone is using the host:reboot command from backorifice. Try a rootkit scanner such as <a href="http://www.rootkit.nl/projects/rootkit_hunter.html[rootkit hunter]" rel="tag">[rootkit hunter]</a>
(if you are using a linux/unix machine) I did not catch it-- are u using one of those or windows?
May 23rd, 2006, 12:34 AM
agent-prie$t

Sorry guys! had a bit of trouble with the HTML there!!! Here is the link!!
rootkit hunter