First, I'd highly suggest that we discontinue this thread and you email your concerns here:
security@lists.contribs.org
Talking about security related issues in a public venue is typically not a good thing.
It's probably not an e-smith problem but...
The XP clients are being remotely controlled.
What makes you think that? Having a client being "remotely controlled" is really a fairly rare thing to have happen, especially behind a firewall.
In event, it sounds like you have some strangeness going on. Here what I'd do:
1. If you don't already have a GOOD AV scanner, then buy one. Install it and update the definitions.
2. Download and install Ad-Aware from lavasoft:
http://www.lavasoftusa.com/software/adaware/3. Disconnect your sys from the network and run a system wide AV scan.
4. Run a system wide ad-aware scan.
5. Disable any apps that you might have installed that actively communicate across the internet (e.g, MSN messanger, Trillian, etc, etc,)
6. Hook your sys back up to the network, and reboot.
7. When the sys comes back up, don't open ANY apps.
8. Run the command "netstat" from a command prompt and look at the output. Netstat reports all current network related connections, both LAN and WAN. Look at ever line that netstat reports and try to determine where it's coming from.
Good luck.
Greg Zartman
3 Replies
1434 Views