Re: Help, some one's hacked into my home computer

[Bill_Royds () pch gc ca]

Do you have Microsoft Office running?. The files
ffastun.ffl, ffastun0.ffx, ffastun.ffo, ffastun.ffa
are used by the Microsoft FindFast utility that always runs in the background
and continually updates these files as it tracks your files saves and changes.
They would normally be changed often throughout a day.

If you were not running any network services it is unlikely they actually got
in. Back Officer Friendly opens ports for some services  (SMTP, FTP, IMAP2, POP3
and Telnet) but doesn't actually run any servers on them. If you have a virus
scanner (and you should) run it on all your files to check if Back Orifice is
part of any file.





Denise Lucas <denise_lucas () yahoo com> on 05/13/99 11:51:27 PM

Please respond to Denise Lucas <denise_lucas () yahoo com>

To:   firewall-wizards () nfr net
cc:    (bcc: Bill Royds/HullOttawa/PCH/CA)
Subject:  Help, some one's hacked into my home computer




i'm on a cable modem, i run back officer friendly,
stepped away from the desktop for a few hours, came
back and saw the alerts.  I've done a find on all the
files changed today and compared them with the times
that they were on.  I'm stumped on what to do next.
This is happening right now, realtime.  Can anybody
please respond.
Machine is an AST Manhattan Commerce Pro
Pentium Pro running
Windows 95

It looks like they ftp'd some files called
ffastun.ffl, ffastun0.ffx, ffastun.ffo, ffastun.ffa
and made some changes to system files.

Any suggestions, please, please call me.

Thanks,

Denise
===

When you have eliminated the impossible, whatever remains, however
improbable, must be the truth.

Sir Arthur Conan Doyle
_________________________________________________________