SpyUser?

  • Thread starter: John Jackson

John Jackson

Wondering if anyone has come across this?
I was recently browsing through the machine that runs my ISA firewall and
noticed a user in User Manager called SpyUser. Upon further examination I
noticed it was a member of the admin group and had an active profile. Has
anyone come across this before?
I am running ISA on 2000 Server with all patches and SPs installed.

Thanks in advance
 
Does not sound good to me. I would make sure you change passwords of all your
administrator accounts ASAP and consider your computer compromised unless you or
another administrator can come up with an explanation. You should have auditing of
logon events and account management on that computer, making sure to increase the size
of the security log to at least 10 MB. Then you could look at the account properties
to find out when it was created and then look in your security log to see who created
it, assuming the security log had not been cleared, which in itself would leave an
event and may indicate hack activity. I would certainly run a virus scanner and
trojan scanner on it ASAP and take further steps to harden it.

--- Steve


http://www.microsoft.com/technet/security/guidance/secmod144.mspx
http://securityadmin.info/faq.asp#hacked -- tips from the FAQ on hack attempts and
how to resolve/secure
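
The security log review described in the reply above, sketched as an added example that is not part of the original thread. It looks for event IDs 624 (user account created), 636 (member added to a security-enabled local group) and 517 (audit log cleared), the Windows 2000-era security event numbers; the five-column input layout, the sample rows and the function names are constructed for illustration and are not a real export format.

```python
import csv
import io

# Windows 2000/2003 security event IDs (pre-Vista numbering).
ACCOUNT_CREATED = "624"   # User Account Created
LOCAL_GROUP_ADD = "636"   # Security Enabled Local Group Member Added
LOG_CLEARED = "517"       # The audit log was cleared

# Constructed sample rows in an assumed, simplified layout:
# time, event_id, caller, target_account, group
SAMPLE = """\
2004-03-01 02:10:44,517,SYSTEM,,
2004-03-01 02:14:07,624,Administrator,SpyUser,
2004-03-01 02:14:09,636,Administrator,SpyUser,Administrators
2004-03-02 09:00:13,624,opsadmin,helpdesk1,
"""

def review(log_text, account):
    """Collect who created `account`, who added it to groups, and any log clears."""
    findings = {"created": [], "group_adds": [], "log_cleared": []}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed rows
        time, event_id, caller, target, group = row
        if event_id == LOG_CLEARED:
            # A cleared log matters regardless of which account is reviewed.
            findings["log_cleared"].append(time)
        elif target.lower() != account.lower():
            continue
        elif event_id == ACCOUNT_CREATED:
            findings["created"].append((time, caller))
        elif event_id == LOCAL_GROUP_ADD:
            findings["group_adds"].append((time, caller, group))
    return findings

def creation_unexplained(findings):
    """True when no creation event survives (auditing off, or log cleared later)."""
    return not findings["created"]

if __name__ == "__main__":
    result = review(SAMPLE, "SpyUser")
    for time, caller in result["created"]:
        print(f"{time}: account created by {caller}")
    for time, caller, group in result["group_adds"]:
        print(f"{time}: added to {group} by {caller}")
    for time in result["log_cleared"]:
        print(f"{time}: security log cleared")
    if creation_unexplained(result):
        print("no creation event found; check audit policy and log size")
```
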
 