Account Unkown

Sometime back I found an unkown account on my machine and deleted it
because somebody hacked this system. Now that some time has passed
and I now own PE I have been getting to much activity online so I posted to
this forum and Joosky led me to some extremly good applications. The one
that I am most pleased with is Process Explorer. While I was browsing with
process explorer I noticed when I was looking at the csrss.exe handles
that there was another account unkown established on my machine. The
handle is (WindowStation \Windows\WindowStations\WinSta0) and I went
to the properties and then the security tab and that is how I found the
account. I went to safe mode in the administrative portion and deleted it;
then I went to the system services and found all the Remote features
had been reenabled with a new service called Secondary Logon. Then I
found that the Wireless Zero Configuration had been enabled too. I do not
have any wireless components on this machine at all.

I did all the scanning that Jooske told me to do and everything came up
empty so I started looking at the files on my hard drive and found one
file called pcconfig. The only thing that the file contained was SexNow
and my IP addresses. Everything pointed to the .Net Framework so I
uninstalled that to because I found an ASP.NET setup log in my system
that said that I had an ASP.NET account. Everything is quiet for now but
I have not been able to find the new Trojan that they are useing.
RE : I dont mean for it to sound like Im trying to degrade Port Explorer.
They both work very well together and there is no other utillity like Port
Explorer ; its in a class of its own. I would like for somebody to show us
something that is better than Port Explorer.

 

Hi Traccer, It may be worth getting unhackme from here: http://www.greatis.com/unhackme/download.htm as you may have a rootkit installed.
There are other tools but I have not tried them, do a search in google for "rootkit detection"

You may also try the cleaning instructions thread here: https://www.wilderssecurity.com/showthread.php?t=50662

HTH Pilli.

 

Hi, You could also try Frisk .... It's more complicated than UnHackMe .... to run .... but still a very good program !!

http://sourceforge.net/projects/frisk

Good Luck,
HR