Posted 02 July 2008 - 08:40 AM
Long story short...
For 2 weeks Comodo was blocking operating system UDP DHCP. Comodo Firewall Forum told me not to panic, that it always does, but I need to turn off the log. The problem with that is I never changed my settings, so I dissected Comodo and saw that Comodo had been completely changed. All my security settings were changed to allow things, and at the same time my wireless had been changed, so I didn't even realize I was connected to the neighbor's router for who knows how long.
I dug a little deeper and started looking at my programs, and I can't remember what I looked at first or why (I've been staring at code for days on end), but regardless there was code inside my code. i.e. AutoCad, Chief Architect, Quickbooks etc. all had code hidden inside of them, and it was re-sorting my programs and breaking them down.
Now that I was angry I ran netstat and Cain and found the unwanted bastard, but he logged off before I could get more info on him. So off goes the internet and I began reading, and reading and reading. I cannot for the life of me find his point of entrance. But I did find an employee manual for users. I am pretty sure the intention was to dump my software online as pirated or something. Luckily the QB was a trial and the full version is on USB.
So I have closed all my ports and changed my policies, passwords, etc. and I did find a rootkit, I believe it was exit.exe, but I have not found whatever was dropped in, and I have run just about every scanner there is with no luck. I also found a user picture in picture accounts called owner.bmp that I cannot open. I know it's not a picture; if it is, it's the biggest picture file ever.
Any help would be great, I really need to get online again. And if you know any other places that the terminal server info could be hiding, I really want to know who gave me a headache.
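An added check for the owner.bmp question above (example code written for this reply, not from the original poster): a genuine bitmap's size is fixed by the width, height and bit depth in its headers, so parsing those headers and comparing them with the file's real size shows whether the file is a plain BMP, has extra data appended after the pixel array, or is not a BMP at all. The sample files are constructed inline.

```python
import struct

# Constructed sample inputs, not files from the original post.
def make_bmp(width, height, extra=b""):
    """Build a minimal 24-bit BMP; `extra` is appended after the pixel data."""
    row = (width * 3 + 3) & ~3           # rows are padded to 4-byte boundaries
    pixels = bytes(row * height)
    size = 14 + 40 + len(pixels)         # BITMAPFILEHEADER + BITMAPINFOHEADER + pixels
    file_hdr = struct.pack("<2sIHHI", b"BM", size, 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels + extra

def inspect_bmp(data):
    """Return a dict describing whether `data` is a self-consistent BMP."""
    result = {"is_bmp": False, "declared_size": None, "actual_size": len(data),
              "expected_pixel_bytes": None, "trailing_bytes": None, "notes": []}
    if len(data) < 54 or data[:2] != b"BM":
        result["notes"].append("missing 'BM' magic or header too short")
        return result
    result["is_bmp"] = True
    # BITMAPFILEHEADER: magic, file size, two reserved words, pixel array offset
    _, declared, _, _, offset = struct.unpack_from("<2sIHHI", data, 0)
    # Start of BITMAPINFOHEADER: size, width, height, planes, bpp, compression
    _, width, height, _, bpp, compression = struct.unpack_from("<IiiHHI", data, 14)
    result["declared_size"] = declared
    if declared != len(data):
        result["notes"].append("declared file size does not match actual size")
    if compression != 0:
        # Compressed pixel data has no fixed size; only the file-size check applies
        result["notes"].append("compressed BMP: pixel-size check not applicable")
        return result
    row = ((width * bpp + 31) // 32) * 4   # padded row stride in bytes
    expected = row * abs(height)           # negative height means top-down rows
    result["expected_pixel_bytes"] = expected
    result["trailing_bytes"] = len(data) - (offset + expected)
    if result["trailing_bytes"] > 0:
        result["notes"].append("data follows the pixel array (possible appended payload)")
    elif result["trailing_bytes"] < 0:
        result["notes"].append("file truncated: shorter than headers imply")
    return result
```

Run `inspect_bmp(open(path, "rb").read())` on the real file; a large "trailing_bytes" value or a missing magic means the file is not what its extension claims.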