Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Guest account activity with guest acct off


  • Please log in to reply
4 replies to this topic

#1 dannyboy 950

dannyboy 950

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 07 May 2005 - 10:31 AM

[del]






Recently while running some log checks I found the guest account had been logging on and off, even tho I have disabled the guest acount long ago.

Now MBSA has been showing that the guest acct was active but I had thought it was an error, since when I would check it would show to be off.

Finding this I decided to check deeper and found while checking services that DCOM and RPC had been reenabled and I can no longer stop or disable those services.
The functionality is greyed out.

DCOM is still being blocked luckyly since there has been over a 1000 attemps to start the srvice.
In my admin tools I no longer seem to have the tools to set user permission levels.
I run XP Home with SP1 and all the latest updates for it.
AV and AT scans daily SpywareGuard;Blaster and Spybot S&D tea timer running also Previx. Sygate Pro
I am not sure if the P2P connection attemps are related to this or not as there are no outbound attemps from me logged.

Any ideas have I been owned as a P2P server even tho I logg no outbound connections?

Thanks for any thoughts on this.

BC AdBot (Login to Remove)

 


#2 Xerxes

Xerxes

  • Banned
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 07 May 2005 - 11:03 AM

Er..could it possible be some kind of homemade virus/trojan or similiar and you got it, or some kind of error with the pc something wrong setting.

I don't know what the problem can be but still won't hurt to ask a few questions or having a few thoughts.

#3 dannyboy 950

dannyboy 950
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 07 May 2005 - 11:12 AM

It may well be I have run my AV and it hasn't found anything I am running my AT now.

I also noticed while checking services that anything haveing to do with windows Auto-update and RPC can no longer be disabled.

Possibly from a recent windows up-date. We will be protected whether we want to or not it seems.

#4 Xerxes

Xerxes

  • Banned
  • 64 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 07 May 2005 - 11:19 AM

Hi,

Do the following ->
1 Scan with antiviruses
Housecall Trendmicro Scan
Panda ActiveScan

2 Scan for spywares
Spybot:S&D Download
Ad-Aware SE Download
Remember to update before running.

3 HiJackThis
Download "HiJackThis"
Create a new folder on your desktop; Name it "HTJ"
Drag over the .EXE file (Hijackthis.exe) to the new folder named HTJ;
Run the EXE file and press on (System Scan & Save log); Wait..
When It's done, the log is in the HTJ folder;
Copy the content of it and do the following ->
Make a new HTJ Forum and paste the content of the textfile in the new thread


#5 dannyboy 950

dannyboy 950
  • Topic Starter

  • Members
  • 148 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 07 May 2005 - 01:20 PM

Thanks for the advice and help but I have allready run all of those. The scans are all clean. I will continue digging and will advise of anything I find.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users