how can they get in?

Dave Cullen

Our Production workstations are connected to the Internet via the
network, so they can make transactions to the Corporate database. One of
the machines has become overwhelmed with popups and advertising spam.

Icons appear on the desktop and systray, new items appear in the Start
menu and folders get created on the hard drive. This machine has very
tight security settings that don't allow anyone but the admin to make
such changes. How is this possible?
 
Are the popups and spam windows that show up Internet Explorer based, or do they look like a plain greyish box with an "ok" or "close" button on it?

If it looks like an IE-based window, you could have some spyware on your machine; Gator is the first one that comes to mind. If it's the latter, all you have to do is disable the "Messenger" service of Windows.

In Windows 2000:
Go to Start, Settings, Control Panel, Administrative Tools, Services.
Scroll all the way down to "Messenger", right-click on it and choose Stop. Then right-click again
and go to Properties. Select "Manual" under "Startup type:".

As far as the folders and shortcuts being created, I don't know if spyware has snooped that low, but you definitely need to get some monitoring software running on that machine. Start figuring out what is coming in and going out.
 
Our Production workstations are connected to the Internet via the
network, so they can make transactions to the Corporate database. One of
the machines has become overwhelmed with popups and advertising spam.

Icons appear on the desktop and systray, new items appear in the Start
menu and folders get created on the hard drive. This machine has very
tight security settings that don't allow anyone but the admin to make
such changes. How is this possible?

What OS is it running? Browser?

Have you done a virus scan? Spyware scan? Other diagnostics?

Once you have an idea what the problem is, you can go after the cause
of the problem.


Chuck
I hate spam - PLEASE get rid of the spam before emailing me!
Paranoia comes from experience - and is not necessarily a bad thing.
 
This usually happens from a user browsing the Internet. You say the computer is
locked down. I would double-check the settings and consider the possibility that the
user might have obtained administrator access, which is easy to do if a user can boot
from a floppy or CD-ROM. If the perimeter firewall only allows access to the corporate
database using outbound access rules, then it really would be puzzling unless the user
was able to configure a different default gateway or even a dial-up modem.

Steve
 