Security Basics mailing list archives

RE: XP Box appears to be compromised


From: JM <jamesmcgeeiom () onetel net uk>
Date: Thu, 7 Aug 2003 11:36:19 +0100

My understanding of RDP is that you establish a "new" session on the box.

So I don’t think that is your culprit.  Check the system out for
viruses and Trojans.  Run a port scan against it.  Try a new AV
solution.

Check out Languard's scanner, you can get a free eval of it, but it is
also worth buying.

Have you tried changing the mouse?

Cheers

JM


-----Original Message-----
From: Gregory M. Brown [mailto:gbrown () alvalearning com] 
Sent: 06 August 2003 17:04
To: security-basics () securityfocus com
Subject: XP Box appears to be compromised

I've got an issue with what appears to be remote desktop management of
an XP box.  It's weird...

There are deliberate mouse movements on this box.  I'm assuming it's an
internal person doing this as our FW and Fortinet device will block any
remote seizing of a desktop.  I've disabled all the XP remote services,
and it continues to happen.  I could bust open packets with sniffer, but
there is a time constraint as the organization laid virtually all IT
people off.  Imagine that....

What should I be looking for?  I need to nail whoever is doing this.

Thanks for any help.

Greg B.


