discipulus <rootman22at_private> wrote asking:

>The other day I noticed a strange folder had been created
>on my W2K Pro machine at work.
[ ... ]
>Has my account/PC been compromised?

That would be a strong first working hypothesis.

Perhaps someone else can tell you exactly what this all means, but my approach would be to get hold of some forensics tools and check the machine over carefully. Fport comes to mind right away. It can tell you what's connected to your machine and to which port. You can get started here ...

http://www.foundstone.com
http://www.treachery.net

... among other places. Look in their "Tool" bins.

It's a good idea to have a kit of such tools on a read-only CD in advance of an incident like this, so that you have tools you know you can trust -- that haven't been trojanned -- ready to use. It's rather like the instructions in a snake-bite kit. You want to be familiar with them *before* Mr. Snake has his way with you.

Another really good idea is a firewall. ZoneAlarm and Sygate have good reputations, but, again, one wants these up and running *before* something bad happens.

I hope you have your data backed up, because I suspect that you may ultimately have to clean your hard drive and re-install from scratch.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois 60115
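
The point above about a kit of tools "you know you can trust" rests on being able to show the files are unchanged since the kit was built. As an added example (not part of the original post), this Python code records SHA-256 digests when the kit is assembled and compares them later; the file names are constructed stand-ins, and it assumes the check runs from a system you trust with the manifest kept apart from the kit.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large tools do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(kit_dir):
    """Map each file's kit-relative path to its SHA-256 digest."""
    manifest = {}
    for root, _dirs, files in os.walk(kit_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, kit_dir).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def verify_kit(kit_dir, manifest):
    """Compare the kit as it is now against the digests recorded earlier."""
    now = build_manifest(kit_dir)
    return {
        "modified": sorted(p for p in manifest if p in now and now[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in now),
        "unexpected": sorted(p for p in now if p not in manifest),
    }

def demo():
    """Build a constructed kit, record it, tamper with it, and verify."""
    with tempfile.TemporaryDirectory() as kit:
        for name, data in (("tool_a.exe", b"AAAA"), ("tool_b.exe", b"BBBB")):
            with open(os.path.join(kit, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(kit)           # recorded at kit-build time
        with open(os.path.join(kit, "tool_a.exe"), "ab") as f:
            f.write(b"patched")                  # simulated trojanned binary
        os.remove(os.path.join(kit, "tool_b.exe"))
        with open(os.path.join(kit, "extra.dll"), "wb") as f:
            f.write(b"dropped")                  # file that was never in the kit
        return verify_kit(kit, manifest)

if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result means the kit no longer matches what was recorded and should be rebuilt from known-good sources.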
This archive was generated by hypermail 2b30 : Sun Oct 06 2002 - 13:58:25 PDT