Some time back I found an unknown account on my machine and deleted it because somebody hacked this system. Now that some time has passed and I now own PE, I have been getting too much activity online, so I posted to this forum and Jooske led me to some extremely good applications. The one that I am most pleased with is Process Explorer. While I was browsing with Process Explorer I noticed, when I was looking at the csrss.exe handles, that there was another unknown account established on my machine. The handle is (WindowStation \Windows\WindowStations\WinSta0), and I went to the properties and then the security tab, and that is how I found the account. I went to safe mode in the administrative portion and deleted it; then I went to the system services and found all the Remote features had been reenabled, with a new service called Secondary Logon. Then I found that the Wireless Zero Configuration had been enabled too. I do not have any wireless components on this machine at all. I did all the scanning that Jooske told me to do and everything came up empty, so I started looking at the files on my hard drive and found one file called pcconfig. The only thing that the file contained was SexNow and my IP addresses. Everything pointed to the .Net Framework, so I uninstalled that too because I found an ASP.NET setup log in my system that said that I had an ASP.NET account. Everything is quiet for now but I have not been able to find the new Trojan that they are using. RE: I don't mean for it to sound like I'm trying to degrade Port Explorer. They both work very well together and there is no other utility like Port Explorer; it's in a class of its own. I would like for somebody to show us something that is better than Port Explorer.
Hi Traccer, It may be worth getting UnHackMe from here: http://www.greatis.com/unhackme/download.htm as you may have a rootkit installed. There are other tools but I have not tried them; do a search in Google for "rootkit detection". You may also try the cleaning instructions thread here: https://www.wilderssecurity.com/showthread.php?t=50662 HTH Pilli.
Hi, You could also try Frisk ... It's more complicated than UnHackMe ... to run ... but still a very good program!! http://sourceforge.net/projects/frisk Good Luck, HR