Security Incidents mailing list archives

RE: I think I've been hacked...please help!


From: H C <keydet89 () yahoo com>
Date: Tue, 9 Apr 2002 11:04:59 -0700 (PDT)


> I would suggest this is a custom made trojan that is connecting to an irc
> server when a RAS connection is detected.

What are you basing this on?  The information provided
so far by the OP has been vague and sketchy at
best...hardly what one would call even moderately
effective incident response.

> Try using MSConfig to see if anything unusual is working, also try
> installing zone alarm for a check at what is accessing the network from that
> machine - available from www.zonelabs.com
> If someone is using a trojan it will be picked up using zone alarm even if
> it is custom made.
> Hope my info helps...

There are other, perhaps even more effective methods
for gathering the same information.  For example,
running fport (and piping the output through netcat)
doesn't require a full software installation
(ZoneAlarm does)...which will contaminate any
potential evidence.  There are other tools...which
I've listed and sent to the OP...that can be run
similarly.

BTW, I checked out your site...cool graphics.  Aside
from rampant misspellings, it's not half bad.
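
The reply above suggests running fport on the suspect machine and piping its output through netcat instead of installing software there. As an added example, not part of the original message, here is a Python receiver for the analyst's workstation that stores the bytes exactly as sent and records a SHA-256 hash alongside them. The port number 7000, the output directory and the label are assumptions.

```python
import hashlib
import json
import socket
import time
from pathlib import Path


def open_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS choose a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def receive_once(srv, out_dir, label, idle_timeout=5.0):
    """Accept one sender, store its bytes unmodified, return a custody record."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    conn, peer = srv.accept()
    conn.settimeout(idle_timeout)
    received = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    digest, size = hashlib.sha256(), 0
    data_path = out_dir / f"{label}.txt"
    # Mode "xb" refuses to overwrite output collected earlier under this label.
    with conn, open(data_path, "xb") as fh:
        try:
            while chunk := conn.recv(65536):
                fh.write(chunk)
                digest.update(chunk)
                size += len(chunk)
        except socket.timeout:
            pass  # sender went quiet without closing the connection
    record = {"label": label, "source_ip": peer[0], "received_utc": received,
              "bytes": size, "sha256": digest.hexdigest(), "file": data_path.name}
    (out_dir / f"{label}.json").write_text(json.dumps(record, indent=2))
    return record


if __name__ == "__main__":
    # Assumed setup: the workstation listens on port 7000 and the suspect host
    # sends the tool's output with:  fport | nc <workstation-ip> 7000
    listener = open_listener("0.0.0.0", 7000)
    print(json.dumps(receive_once(listener, "case-evidence", "fport"), indent=2))
```

The idle timeout matters because some netcat builds keep the connection open after their input ends; without it the receiver would wait indefinitely.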

