Security Basics mailing list archives

RE: my pc hacked?

From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Wed, 17 Sep 2003 17:20:11 -0600

WebCompServer is a part of Crystal Reports 8.

In addition, your "local echo" of hyperterminal may be turned on, which
would let you see the password or anything else you typed.

Other than that, the PC moving slow is unlikely to be an indication that you
were "hacked", especially if there are no unusual processes running or
unusual ports open.  Note, if NMAP turned up ZERO open ports, the scan
probably did not run properly or you have a locked-down firewall (in which
case, getting hacked is very unlikely).

Eric Hagen

-----Original Message-----
From: hong li [mailto:hong_li_98 () yahoo com]
Sent: Wednesday, September 17, 2003 8:06 AM
To: security-basics () securityfocus com
Subject: my pc hacked?


Hi, all

I think my workstation was hacked.  (windows 2000
professional) When I connect to the router
to do some configurations through hyperterminal and I
can see the password on the screen, even with
encrypted password.  The pc was incredible slow.  I
tried netstat -na and did not see the suspicious
connection. Show processes and only see one suspicious
"webcompserver.exe" 
(did not google this yet).  I tried to use nmap to
scan ports and shows all posts are closed.

Any idea or suggestions whether the pc was hacked?

Thanks in advance,

Hong


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

my pc hacked? hong li (Sep 17)
- RE: my pc hacked? Lucas Zaichkowsky (Sep 17)
- Re: my pc hacked? Charles Mitchell (Sep 18)
- <Possible follow-ups>
- RE: my pc hacked? Hagen, Eric (Sep 17)