Posted by HelenD on May 1, 2007, 9:33 am
Malke,
How can we be sure that this is the cause? Is it possible that someone may
have planted the issue on the computer? Why just this computer?
Was there anything from the vulnerability things I sent through on the last
thread that point to anything in particular?
HelenD
"Malke" wrote:
> HelenD wrote:
> > A few weeks ago, I found that a large number of adult material files appeared
> > on my computer over the weekend when it was not connected to the internet and
> > I was not using the computer. Last week, I found that a similar incident had
> > occurred one week earlier when I did not have the computer but it was
> > connected to the company network.
> >
> > From quick analysis I found the following:
> > * Both events were bounded by two failed logon attempts under my user ID
> > * The time duration between the two failed logon attempts was two days and
> > twenty one hours.
> > * Over the time period between the two failed logon attempts 72 event ID
> > 636 and 72 event ID 637 occurred. Event ID 636 is: A user or group account
> > was added to a local security group on the computer or on the domain, and
> > Event ID 637 is: A user or group account was removed from a local security
> > group on the computer or on the domain.
> > * MS Installer events occurred post the creation of the adult material files
> > when the computer was next logged onto the network.
> >
> > I am interested in knowing whether anyone thinks this is still Malware or if
> > these two events are related.
> >
> > I have attached the logs over the two incidents below just in case.
>
> (snip logs)
>
> A machine on your company network is infected with some malware that is
> network-aware. You have File/Printer Sharing turned on or are
> synchronizing files from a company share (or the like) and so your
> machine is affected. To make sure your own machine (apparently a laptop
> that goes back and forth to work?) is clean, go through the following
> general malware removal steps systematically:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> You will need to log onto the machine as local Administrator to do this.
> If you don't have the ability to do this, you must contact your systems
> administrator and have them clean your machine. In any case, you need to
> tell your systems administrator about the problem so they can find the
> infected machine on the network and make sure it and all other machines
> (including the server) have not been compromised.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>
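
The pattern described in the quoted post (two failed logons bounding a run of event ID 636/637 entries) can be checked over an exported Security log. This is an added example, not part of the original thread: the CSV layout, the sample rows, the function names and the use of event ID 529 for a failed logon are assumptions.

```python
import csv
import io
from datetime import datetime

FAILED_LOGON = 529                   # assumption: XP/2003-era logon-failure ID, not given in the post
GROUP_ADD, GROUP_REMOVE = 636, 637   # the two event IDs named in the post

# Constructed sample export (timestamp, event ID, account); not the poster's logs.
SAMPLE = """\
2007-04-20 18:02:11,529,helend
2007-04-20 18:05:40,636,helend
2007-04-20 18:05:41,637,helend
2007-04-21 03:15:02,636,helend
2007-04-21 03:15:03,637,helend
2007-04-22 09:30:00,528,otheruser
2007-04-23 15:02:11,529,helend
2007-04-24 08:00:00,636,helend
"""

def parse(text):
    """Return (datetime, event_id, account) tuples sorted by time."""
    rows = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, eid, account = row
        rows.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), account.lower()))
    return sorted(rows)

def windows_between_failed_logons(events, account):
    """For each pair of consecutive failed logons by `account`, count the
    group add/remove events that fall strictly between them."""
    fails = [t for t, eid, acct in events if eid == FAILED_LOGON and acct == account]
    out = []
    for start, end in zip(fails, fails[1:]):
        inside = [eid for t, eid, _ in events if start < t < end]
        out.append({"start": start, "end": end, "duration": end - start,
                    "adds": inside.count(GROUP_ADD),
                    "removes": inside.count(GROUP_REMOVE)})
    return out

if __name__ == "__main__":
    for w in windows_between_failed_logons(parse(SAMPLE), "helend"):
        print(w["start"], "->", w["end"], w["duration"],
              "adds:", w["adds"], "removes:", w["removes"])
```

Equal, non-zero add and remove counts inside a window are the paired membership churn the post describes; file creation timestamps can then be compared against the same window.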