Account Unkown

Discussion in 'Port Explorer' started by Tracccker178, Jun 13, 2005.

Thread Status:
Not open for further replies.
  1. Tracccker178

    Tracccker178 Registered Member

    Joined:
    May 16, 2005
    Posts:
    34
    Sometime back I found an unkown account on my machine and deleted it
    because somebody hacked this system. Now that some time has passed
    and I now own PE I have been getting to much activity online so I posted to
    this forum and Joosky led me to some extremly good applications. The one
    that I am most pleased with is Process Explorer. While I was browsing with
    process explorer I noticed when I was looking at the csrss.exe handles
    that there was another account unkown established on my machine. The
    handle is (WindowStation \Windows\WindowStations\WinSta0) and I went
    to the properties and then the security tab and that is how I found the
    account. I went to safe mode in the administrative portion and deleted it;
    then I went to the system services and found all the Remote features
    had been reenabled with a new service called Secondary Logon. Then I
    found that the Wireless Zero Configuration had been enabled too. I do not
    have any wireless components on this machine at all.

    I did all the scanning that Jooske told me to do and everything came up
    empty so I started looking at the files on my hard drive and found one
    file called pcconfig. The only thing that the file contained was SexNow
    and my IP addresses. Everything pointed to the .Net Framework so I
    uninstalled that to because I found an ASP.NET setup log in my system
    that said that I had an ASP.NET account. Everything is quiet for now but
    I have not been able to find the new Trojan that they are useing.
    RE : I dont mean for it to sound like Im trying to degrade Port Explorer.
    They both work very well together and there is no other utillity like Port
    Explorer ; its in a class of its own. I would like for somebody to show us
    something that is better than Port Explorer. :cool: :doubt:
     
    Last edited: Jun 13, 2005
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  3. Hard Rocker

    Hard Rocker Registered Member

    Joined:
    Jan 27, 2005
    Posts:
    258
    Location:
    Quebec, CANADA
Thread Status:
Not open for further replies.