Solve: Is there a DOS command that is the same as the "Find" command in regedit?

Answer»

I have had unauthorized visitors in my computer that got in using Windows XP Remote Access software. I've eliminated their entries in the Win Registry.

To see if I've been intruded again, I run regedit with 'remoteaccess' as the search string.

Does DOS have a REG QUERY command that does that?

All my attempts demand a Registry Key. I want to set up a batch file to log any and all entries using 'remoteaccess' as a search string.

Any ideas?

Thanks
Do you need remote access?
Now I am not saying you are a dummy... but
How to Disable Windows Remote Assistance
By Dan Gookin from Troubleshooting Your PC For Dummies, 3rd Edition

I'd suggest turning remote access off...

Quote

I have had unauthorized visitors in my computer that got in using Windows XP Remote Access software. I've eliminated their entries in the Win Registry.

I also agree that it should be shut off as the fix. However there are other exploits out there other than the Windows XP Remote Access that can also give them remote access. A great free tool to use for home users is Secunia PSI. It will make you aware of any software you have that should be updated or is open to attack from hackers etc. http://secunia.com/vulnerability_scanning/personal/ I use this on my systems to keep track of what software I have installed may require security patches etc beyond the regular Windows Updates etc.

It provides you with threat levels to know just how open to vulnerability something is as well as allows you to actually patch some of the software requiring patches directly through the user interface.

Some software I have is no longer supported by the mfr with patches and so I get my weekly pop up that shows I am at a score of 87% protection because of these old programs that I still have on my system that have known exploits. But these exploits are low risk to me behind firewalls and a good antivirus. If I uninstalled the software that is popping up as potential security threats, I'd have a score of 100%, but I chose to keep the 3 programs installed.

Quote from: Gliq on May 14, 2013, 04:47:55 PM
I have had unauthorized visitors in my computer that got in using Windows XP Remote Access software. I've eliminated their entries in the Win Registry.

The risk is that they installed other trojan and backdoor software while they were in.

Thanks for all your help. To summarize my response...

I've been attacked several times by a proxy server company (or more likely, its hacker assets).

I've gone far beyond just clicking the Windows software boxes to disable Remote Assistance and Remote Desktop.

I've written a batch file to check if recimbly.exe and RCP.exe are in the system32 and system32/dllcache folders. If so, I have a batch file to delete them if they are.

Just today, I exported a registry from one of my three computers and found a list of (probably) 15,307 websites that my attacker enters into the zonemap areas of my machines (there are two of those zonemap areas).

I'm going to remove these in my "textpad" app (advanced notepad) and will attempt to import them with hope that they will be gone.

As far as an intruder having set up something else, I have no sign of any activity at the moment, so hopefully I don't. I will be going to Win7 and Linux before April 8th, 2014 (D-Day for XP) so I hope I will make it till then.

Thanks again for the replies.

If you have the XP installation CD or system recovery set, I'd wipe the system clean and enable all protection just to make sure there is no more back doors.

I used to run/host honeypots to bait hackers to systems that looked important, looked like a company server etc with a bunch of data that looked important but was fake, and I used to look at their methods on the honeypots that they didn't know were honeypots. I ended up stopping the honeypot project though when one of the hackers tried to make my honeypot a relay location for downloads. I had a ghost image for my honeypots so that after they played in my honeypot sandbox, I could wipe it clean and set it up as a trap for the next hacker. It was fun until one decided to try to make it a relay for most likely illegal content sharing. I stopped baiting with honeypots when I realized that their actions could get me in hot water with illegal file sharing, even if it was only live for a few hours until I killed it to wipe it clean and set it back up again. Hosting honeypots is just asking for trouble, which I don't need!
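For the 'remoteaccess' search asked about at the top of the thread, and the exported registry file mentioned later, one approach is to search the text of a `.reg` export instead of the live registry. The Python script below is an added example, not something posted by anyone in the thread; the embedded sample export and its `Constructed\Example` key are constructed for illustration.

```python
import codecs
import sys

# Constructed sample of a .reg export (not taken from any real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Constructed\Example]
"Path"="C:\\Tools\\remoteaccess-helper.exe"
"Blob"=hex:01,02,\
  03,04

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"*"=dword:00000002
'''

def read_reg_export(path):
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 exports are ANSI."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def search_reg(text, needle):
    """Return (key, entry) pairs whose key path or value line contains needle.
    entry is None when the key name itself matched. Case-insensitive."""
    needle = needle.lower()
    hits, key, pending = [], None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]          # hex data continues on the next line
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if needle in key.lower():
                hits.append((key, None))
        elif key and line and needle in line.lower():
            hits.append((key, line))
    return hits

if __name__ == "__main__":
    # Usage: script.py export.reg remoteaccess   (no arguments: run on SAMPLE)
    text = read_reg_export(sys.argv[1]) if len(sys.argv) > 2 else SAMPLE
    needle = sys.argv[2] if len(sys.argv) > 2 else "remoteaccess"
    for key, entry in search_reg(text, needle):
        print(f"[{key}] {entry or '(key name matches)'}")
```

Redirecting the output to a dated file on each run gives a log that can be compared between exports.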

