Security Basics mailing list archives
RE: XP Box appears to be compromised
From: JM <jamesmcgeeiom () onetel net uk>
Date: Thu, 7 Aug 2003 11:36:19 +0100
My understanding of RDP is that you establish a "new" session on the box. So I don’t think that is your culprit. Check the system out for viruses, and Trojans. Run a port scan against it. Try a new AV solution. Checkout Languard's scanner, you can get a free eval of it, but it is also worth buying. Have you tried changing the mouse? Cheers JM -----Original Message----- From: Gregory M. Brown [mailto:gbrown () alvalearning com] Sent: 06 August 2003 17:04 To: security-basics () securityfocus com Subject: XP Box appears to be compromised I've got an issue with what appears to be remote desktop management of an XP box. It's weird... There are deliberate mouse movements on this box. I'm assuming it's an internal person doing this as our FW and Fortinet device will block any remote seizing of a desktop. I've disabled all the XP remote services, and it continues to happen. I could bust open packets with sniffer, but there is a time constraint as the organization laid virtually all IT people off. Imagine that.... What should I be looking for? I need to nail whoever is doing this. Thanks for any help. Greg B. ------------------------------------------------------------- -------------- ------------------------------------------------------------- ---------------
Current thread:
- XP Box appears to be compromised Gregory M. Brown (Aug 06)
- Re: XP Box appears to be compromised James Fields (Aug 07)
- <Possible follow-ups>
- Re: XP Box appears to be compromised chris (Aug 06)
- RE: XP Box appears to be compromised Paul Farag (Aug 07)
- RE: XP Box appears to be compromised JM (Aug 07)
- RE: XP Box appears to be compromised Sean MacLeod (Aug 08)