
Workstations prompting to login as another user - Bearshare?

Andrew H - 30 Dec 2003 15:12 GMT
I've just had an incident where users on several workstations had a login
screen popping up asking them to log in to the network as one of the other
users, say "Jim".  I checked Jim's machine - he was running BearShare and
LimeWire, which I see are Gnutella clients, as well as several other pieces
of malware.  I removed these from his machine, and scanned him for viruses
(clean).

My questions are:
What was Jim's machine doing that caused the other machines to attempt to
login as him?
What might be infected/affected?
What do I need to clean up?
What can I do to prevent this happening again?
Cris Hanna \(SBS-MVP\) - 30 Dec 2003 16:01 GMT
These are pretty much all cases of P2P(Peer to Peer File Sharing) software
which have absolutely no business being installed in a business environment.
Kazaa, another P2P network, had a terrible virus going around for a while.

Sounds like some sort of Trojan/spyware at work.
I would get a copy of Spybot Search and Destroy and load it on that machine
http://www.safer-networking.org/index.php?page=spybotsd and see what it
finds (you will probably be amazed).

And then to be on the safe side also get Ad Aware from lavasoftusa.com.
Sometimes it finds a thing or two that Spybot does not.  Both programs have
the ability to "immunize"

Finally a written policy needs to be in place that outlines acceptable
internet access and email usage as well as outlining the procedure for
approval for installing new software.   And after they have been properly
warned, random audits are a good thing.

Signature

Cris Hanna [SBS-MVP]
-------------------------
Please do not reply directly to me but rather reply to the newsgroup so that all
may benefit from the information.

> I've just had an incident where users on several workstations had a login
> screen popping up asking them to log in to the network as one of the other
[quoted text clipped - 9 lines]
> What do I need to clean up?
> What can I do to prevent this happening again?
Andrew H - 31 Dec 2003 12:07 GMT
I have already run AD-Aware against the rogue user's machine, and (no
surprise) found plenty that didn't belong there.  But part of my question
relates to what else I need to scan - every machine on the LAN, the machines
where the login prompt appeared, etc?

> These are pretty much all cases of P2P(Peer to Peer File Sharing) software
> which have absolutely no business being installed in a business environment.
[quoted text clipped - 33 lines]
> > What do I need to clean up?
> > What can I do to prevent this happening again?
Cris Hanna \(SBS-MVP\) - 31 Dec 2003 16:18 GMT
If this is happening on several machines...yes...scan it all.
And you may never make it go away without flattening the machines...but I
strongly suggest spybot as well as Ad Aware.

Signature

Cris Hanna [SBS-MVP]
-------------------------
Please do not reply directly to me but rather reply to the newsgroup so that all
may benefit from the information.

> I have already run AD-Aware against the rogue user's machine, and (no
> surprise) found plenty that didn't belong there.  But part of my question
[quoted text clipped - 46 lines]
> > > What do I need to clean up?
> > > What can I do to prevent this happening again?
Mark Mancini - 30 Dec 2003 16:30 GMT
Enforce a company policy that fires these people if they install it!

Signature

Sincerely,
Mark Mancini, CCA, CCNA, Master CIW&CI, CNE 4&5, MCSE+I 4&2000
www.MCSE2000.com
www.AppLauncher.com

> I've just had an incident where users on several workstations had a login
> screen popping up asking them to log in to the network as one of the other
[quoted text clipped - 9 lines]
> What do I need to clean up?
> What can I do to prevent this happening again?
 
©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.