Unexpected shutdowns!


Guest

I recently noticed that an unauthorized hacker accessed my Win2000 server.
Now I am experiencing system shutdowns at least once a day. Power is still
on, but the system is shut down, including the NIC card. There is no
hibernate or standby available on this computer. All critical updates were
current before the time of the attack last week. My event viewer indicates the
times of the unexpected system shutdowns. Side note: since I have screen
lock on, the power is not completely shutting off at those times.

Questions: Is it possible that a remote shutdown program could have been
installed by the hacker? Can I remove it without having to reinstall the
O/S?
Thanks in advance,
Steve
 
There are many tools out there for detecting and "cleaning" out
rootkits, trojans, etc., which could be what you may have. However, the ONLY
way to be sure you do not leave something behind is to completely rebuild the
box, reformat and reinstall. It is the only way to be sure you are clean
and safe. It sucks, I know, but trust me, it is the best in the long run.
 
I agree with Chris. You could try and track down what is going on with free
tools such as these from SysInternals, including TCPView, Process Explorer,
Autoruns, Rootkit Revealer, etc., but your best bet is to consider a clean
install from a formatted system drive. Such an approach often saves time in
the long run, as often users spend days or weeks trying to avoid a reinstall
that may take half a day or less, and the hacker may be monitoring the
network the whole time capturing sensitive data. However, unless you take
steps to prevent such a hack attack again, you may suffer the same fate again
over and over. You need to make sure the system and network are hardened,
which at minimum means a properly configured firewall that does not use
default configuration password, enabling auditing of logon events, physical
security, security update patching, antivirus that stays updated and scans
all emails, disabling unneeded services, Internet Explorer hardening, and
enforcing complex passwords. The free Microsoft Baseline Security Analyzer
can help check your computers for basic vulnerabilities. The links below may
help. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --- Small Business security guidance
http://www.microsoft.com/technet/security/topics/serversecurity/avdind_0.mspx --- Anti Virus in Depth Defense guide. Excellent reading.
http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/default.mspx --- W2K Security Hardening Guide
http://www.microsoft.com/technet/Security/topics/serversecurity.mspx --- Technet Security
http://www.sysinternals.com/ --- SysInternals
 
Wow, I'm impressed, nice one! Never heard of those ....

I tried "hijackthis"... scary.... Never seen anything spitting out so much
-whatever it was- that was 'clinging' onto my browser. Didn't delete
anything, it wasn't malicious. If you really wanna know what's all there ...


"Steven L Umbach" wrote:
I agree with Chris. You could try and track down what is going on with free
tools such as these from SysInternals, including TCPView, Process Explorer,
Autoruns, Rootkit Revealer, etc., but your best bet is to consider a clean
install from a formatted system drive. Such an approach often saves time in
the long run, as often users spend days or weeks trying to avoid a reinstall
that may take half a day or less, and the hacker may be monitoring the
network the whole time capturing sensitive data. However, unless you take
steps to prevent such a hack attack again, you may suffer the same fate again
over and over. You need to make sure the system and network are hardened,
which at minimum means a properly configured firewall that does not use
default configuration password, enabling auditing of logon events, physical
security, security update patching, antivirus that stays updated and scans
all emails, disabling unneeded services, Internet Explorer hardening, and
enforcing complex passwords. The free Microsoft Baseline Security Analyzer
can help check your computers for basic vulnerabilities. The links below may
help. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx --- Small Business security guidance
http://www.microsoft.com/technet/security/topics/serversecurity/avdind_0.mspx --- Anti Virus in Depth Defense guide. Excellent reading.
http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/default.mspx --- W2K Security Hardening Guide
http://www.microsoft.com/technet/Security/topics/serversecurity.mspx --- Technet Security
http://www.sysinternals.com/ --- SysInternals
 
This is weird. I have a PC which is having "unexpected shutdowns". I guessed
that would be a hardware-related problem, but I did take notice of an event on
that machine: it reports a 4356 event, something about COM+. Well, I started
a search for this event and I found these messages.

Even so, I haven't found anything related to that event in this thread. Could
you explain to me how I hit these messages through the search?
 