Hacjker Changes many user names

G

Guest

Thanks in advance for all the posts many of you provide here.
I ran advances properties, software items, start up and then click to view
history( not sure how I arrived here but this is what showed.

3/18/2005 9:00:17 PM ADDED Slingo Program Group
3/18/2005 9:00:17 PM REMOVED "C:\Program Files\Messenger\msmsgs.exe"
/background Startup Programs
3/18/2005 9:00:17 PM REMOVED desktop.ini Startup Programs
3/19/2005 12:27:32 PM CHANGED Accessories Property "UserName" changed from
"Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "Name" changed from
"Default User:Accessories" to "All Users:Accessories". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property "UserName"
changed from "Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property "Name"
changed from "Default User:Accessories\Accessibility" to "All
Users:Accessories\Accessibility". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property "UserName"
changed from "Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property "Name"
changed from "Default User:Accessories\Entertainment" to "All
Users:Accessories\Entertainment". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "UserName" changed from
"Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "Name" changed from "Default
User:Startup" to "All Users:Startup". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "UserName" changed from
"NT AUTHORITY\SYSTEM" to "Default User". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "Name" changed from "NT
AUTHORITY\SYSTEM:Accessories" to "Default User:Accessories". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property "UserName"
changed from "NT AUTHORITY\SYSTEM" to "Default User". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property "Name"
changed from "NT AUTHORITY\SYSTEM:Accessories\Accessibility" to "Default
User:Accessories\Accessibility". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property "UserName"
changed from "NT AUTHORITY\SYSTEM" to "Default User". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property "Name"
changed from "NT AUTHORITY\SYSTEM:Accessories\Entertainment" to "Default
User:Accessories\Entertainment". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "UserName" changed from "NT
AUTHORITY\SYSTEM" to "Default User". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "Name" changed from "NT
AUTHORITY\SYSTEM:Startup" to "Default User:Startup". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "UserName" changed from
"STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "Name" changed from
"STEVE\steveroyjohnson:Accessories" to "NT
AUTHORITY\SYSTEM:Accessories". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property "UserName"
changed from "STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property "Name"
changed from "STEVE\steveroyjohnson:Accessories\Accessibility" to "NT
AUTHORITY\SYSTEM:Accessories\Accessibility". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property "UserName"
changed from "STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property "Name"
changed from "STEVE\steveroyjohnson:Accessories\Entertainment" to "NT
AUTHORITY\SYSTEM:Accessories\Entertainment". Program Group
3/19/2005 12:27:32 PM CHANGED Games Property "UserName" changed from
"STEVE\steveroyjohnson" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Games Property "Name" changed from
"STEVE\steveroyjohnson:Games" to "All Users:Games". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "UserName" changed from
"STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "Name" changed from
"STEVE\steveroyjohnson:Startup" to "NT AUTHORITY\SYSTEM:Startup". Program
Group
3/19/2005 12:27:32 PM CHANGED desktop.ini Property "User" changed from
".DEFAULT" to "All Users". Startup Programs
3/19/2005 12:27:32 PM CHANGED desktop.ini Property "Location" changed from
"Startup" to "Common Startup". Startup Programs
3/19/2005 12:27:32 PM CHANGED desktop.ini Property "User" changed from "NT
AUTHORITY\SYSTEM" to ".DEFAULT". Startup Programs
3/19/2005 12:27:32 PM CHANGED desktop.ini Property "User" changed from
"STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Startup Programs

I went in and changed remot access item x 3
lowered my temp files storage, deleted off line stuff and don't allow remote
innvitations. reinstalled my firewall. Changed my setting to make it run
sleeker. Thanks so much Wesley. BUT
how do I change all of these back? Do I need to? Help me to make it all
right please
Thanks
 
G

Galen

In auctionsco <[email protected]> had this to say:

My reply is at the bottom of your sent message:
Thanks in advance for all the posts many of you provide here.
I ran advances properties, software items, start up and then click to
view history( not sure how I arrived here but this is what showed.

3/18/2005 9:00:17 PM ADDED Slingo Program Group
3/18/2005 9:00:17 PM REMOVED "C:\Program Files\Messenger\msmsgs.exe"
/background Startup Programs
3/18/2005 9:00:17 PM REMOVED desktop.ini Startup Programs
3/19/2005 12:27:32 PM CHANGED Accessories Property "UserName" changed
from "Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "Name" changed from
"Default User:Accessories" to "All Users:Accessories". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property
"UserName" changed from "Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property
"Name" changed from "Default User:Accessories\Accessibility" to "All
Users:Accessories\Accessibility". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property
"UserName" changed from "Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment Property
"Name" changed from "Default User:Accessories\Entertainment" to "All
Users:Accessories\Entertainment". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "UserName" changed from
"Default User" to "All Users". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "Name" changed from
"Default User:Startup" to "All Users:Startup". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "UserName" changed
from "NT AUTHORITY\SYSTEM" to "Default User". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "Name" changed
from "NT AUTHORITY\SYSTEM:Accessories" to "Default User:Accessories".
Program Group 3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility
Property "UserName" changed from "NT AUTHORITY\SYSTEM" to "Default
User". Program Group 3/19/2005 12:27:32 PM CHANGED
Accessories\Accessibility Property "Name" changed from "NT
AUTHORITY\SYSTEM:Accessories\Accessibility" to "Default
User:Accessories\Accessibility". Program Group 3/19/2005 12:27:32 PM
CHANGED Accessories\Entertainment Property "UserName" changed from
"NT AUTHORITY\SYSTEM" to "Default User". Program Group 3/19/2005
12:27:32 PM CHANGED Accessories\Entertainment Property "Name" changed
from "NT AUTHORITY\SYSTEM:Accessories\Entertainment" to "Default
User:Accessories\Entertainment". Program Group 3/19/2005 12:27:32 PM
CHANGED Startup Property "UserName" changed from "NT
AUTHORITY\SYSTEM" to "Default User". Program Group 3/19/2005 12:27:32
PM CHANGED Startup Property "Name" changed from "NT
AUTHORITY\SYSTEM:Startup" to "Default User:Startup". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "UserName" changed
from "STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories Property "Name" changed
from "STEVE\steveroyjohnson:Accessories" to "NT
AUTHORITY\SYSTEM:Accessories". Program Group
3/19/2005 12:27:32 PM CHANGED Accessories\Accessibility Property
"UserName" changed from "STEVE\steveroyjohnson" to "NT
AUTHORITY\SYSTEM". Program Group 3/19/2005 12:27:32 PM CHANGED
Accessories\Accessibility Property "Name" changed from
"STEVE\steveroyjohnson:Accessories\Accessibility" to "NT
AUTHORITY\SYSTEM:Accessories\Accessibility". Program Group 3/19/2005
12:27:32 PM CHANGED Accessories\Entertainment Property "UserName"
changed from "STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM".
Program Group 3/19/2005 12:27:32 PM CHANGED Accessories\Entertainment
Property "Name" changed from
"STEVE\steveroyjohnson:Accessories\Entertainment" to "NT
AUTHORITY\SYSTEM:Accessories\Entertainment". Program Group 3/19/2005
12:27:32 PM CHANGED Games Property "UserName" changed from
"STEVE\steveroyjohnson" to "All Users". Program Group 3/19/2005
12:27:32 PM CHANGED Games Property "Name" changed from
"STEVE\steveroyjohnson:Games" to "All Users:Games". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "UserName" changed
from "STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Program Group
3/19/2005 12:27:32 PM CHANGED Startup Property "Name" changed from
"STEVE\steveroyjohnson:Startup" to "NT AUTHORITY\SYSTEM:Startup".
Program Group 3/19/2005 12:27:32 PM CHANGED desktop.ini Property
"User" changed from ".DEFAULT" to "All Users". Startup Programs
3/19/2005 12:27:32 PM CHANGED desktop.ini Property "Location" changed
from "Startup" to "Common Startup". Startup Programs 3/19/2005
12:27:32 PM CHANGED desktop.ini Property "User" changed from "NT
AUTHORITY\SYSTEM" to ".DEFAULT". Startup Programs 3/19/2005 12:27:32
PM CHANGED desktop.ini Property "User" changed from
"STEVE\steveroyjohnson" to "NT AUTHORITY\SYSTEM". Startup Programs

I went in and changed remot access item x 3
lowered my temp files storage, deleted off line stuff and don't allow
remote innvitations. reinstalled my firewall. Changed my setting to
make it run sleeker. Thanks so much Wesley. BUT
how do I change all of these back? Do I need to? Help me to make it
all right please
Thanks
Click to expand...

I'm not sure that I understand ALL of what you're saying but it's a good
idea to go ahead and start scanning for various types of malware. Do your
scans in safe mode with restore disabled. You might also want to delete your
prefetch folder for something that's seemingly as deep as this one is. Below
are a number of links to some free software that you can download and use.
All of them are decent and will probably do the trick for you so pick one in
each category or two or all of the ones in the spyware category if you'd
like. To get to safe mode you'll want to press F8 during boot and select
safe mode without networking. As for making repairs, when you're able to
boot into safe mode you should be able to log on as administrator with the
original password used at setup time or with no password if you didn't opt
to use one. From there you should be able to make any changes required but
I'd wait until after you've scanned before going ahead and making these
changes to the accounts. You'll also probably want to grab yourself a copy
of LSPFix so I'll include that link to. That will help you should your
cleaning process decide to eat your winsock and make it so that you're
unable to connect to the internet. You might also want to make sure that you
download and properly configure a firewall, there are free options available
for you as well.

LSP-Fix - a free program to repair damaged Winsock 2 stacks:
http://www.cexx.org/lspfix.htm

Virus:
www.grisoft.com - AVG
www.antivir.com - AntiVir
www.clamwin.com - ClamWin
http://www.my-etrust.com/microsoft/index.cfm - CA eTrust*

Spyware:
www.lavasoft.de - AdAware
http://security.kolla.de/ - Spybot
http://www.microsoft.com/athome/security/spyware/software/default.mspx -
Microsoft Anti-Spyware Beta

Trojan:
www.emsisoft.com/en/software/free/ - a
http://swatit.org/

All of these are free for home use. All of them are acceptable solutions to
your security needs.
Does not provide full real-time scanning engine.

*My understanding CA is available free for a limited time. Please note that
the page says this:
@free software offer expires 2/1/05.@
The number of times it has been given out as a viable option leads me to
believe that this has been extended. You should, of course, verify this on
your own.

I hope that these are what you're looking for. Given what I've read from the
above, and if I'm reading it properly, it looks as though you should take a
bit of time securing your computer. I highly recommend that you grab a
firewall. Here's a few free ones that you can use and they're all worth
using though you'll want to make sure to take a little while to learn to
configure them properly though you can always use the Windows firewall. If
you haven't upgraded to SP2 it's a good idea to do so.

Firewalls:
www.agnitum.com - Outpost Personal Firewall
http://smb.sygate.com/products/spf_standard.htm - Sygate Personal Firewall
www.kerio.com/us/kpf_download.html - Kerio Personal Firewall

Galen
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Hacked >> Many changed passwords 1
System Infiltrated >>Program start up group changes . Please See l 2
RPC security help 1
User Permissions changed 1
Grouping - Distinct 5
Is ActiveSearch really trying to install?? 3
User acct lockout 0
How do I know MSAS is working? 6

Top