CTRL-ALT-DEL Problems...i know its windoze..but any help is appreciated
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Rep:
This just started maybe an hour ago....I push CTRL-ALT-DEL...and the window pops up..and then automatically closes immediately...does the same when I type the commands "msconfig" or "regedit" in the Run box... I did a virus scan because I figured maybe that was the problem....no problem there...but whenever I restarted..there was this new file called TFTP1496 sitting in my startup with an .exe file called "webdav"....I went ahead and deleted them....they both were created a few hours ago today when I looked at their properties....and that's when the problems seemed to start happening..don't know where the hell they came from or what they are. If anyone has any clue what they are or anywhere I can go to see if any changes have been made...I'd appreciate it. Thanks.
Well, don't freak because I could be wrong but I think it may have something to do with the nimda worm. How up to date is your scanner - and how good is it?
Quote:
What is WebDAV?
Briefly: WebDAV stands for "Web-based Distributed Authoring and Versioning". It is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers.
Quote:
61-219-34-242.hinet-ip.hinet.net ...
... Found PE_NIMDA.E. Deleted. C:\Inetpub\scripts\TFTP1488 --> Found PE_NIMDA.E. Deleted. C:\Inetpub\scripts\TFTP1496 --> Found PE_NIMDA.E. Deleted. C:\Inetpub\scripts\TFTP1508 --> Found PE_NIMDA.E. Deleted. C:\Inetpub\scripts ... http://61-219-34-242.hinet-ip.hinet.net/REPORT.LOG - 32 KB
Unfortunately, I couldn't follow that link to find out what it was about.
Sounds like someone hacked your box. You definitely shouldn't have crap like that materializing in places like that. If you don't have something like Sygate, download it now, I guess.
I don't understand your situation. You started getting strange reactions from your Windows box, went hunting and found those files. Is that right? And when you delete those files, they come back again. Is that correct?
Where exactly were those files, in the root dir of C: ?
If I were you, I would update my virus scanner and thoroughly check your drives.
That's a good point. Did you do a cursory scan? Because you should set it for the slowest and most thorough. And try more than one, as they use different databases and methods.
I used to use McAfee some, AVG a lot, and F-Prot, even.
Incidentally, Sygate's a firewall, in case you thought I was talking anti-virus, but it helps lock down a system - sounds like someone's trying to create an entryway into your computer. So you'd also need something like that.
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
Rep:
Schatoor,
I deleted the files...but they didn't come back or anything...but I'm not sure if they are causing the problem I'm having right now (w/ windows closing after opening them...only with Windows apps like "regedit", msconfig, and ctrl-alt-del) ...I'm just assuming that may have something to do with it.
I hope no one hacked into my comp but I figure it would be considerably hard considering I'm behind a router as well....I'm thinking it could be some music file I may have downloaded through kazaa lite...or maybe some harmful ad-ware I picked up from some sites...
Right now, I'm scanning the comp using Housecall...so maybe I'll get something else..
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
Rep:
Ok, got two trojans with Housecall...one called troj kbman.exe...it puts a .dll file on your comp that tracks your keystrokes...I deleted that...and there's another one called TROJ SENAMAKR1..or something like that....it puts a file called TEMP.EXE with an IRC client pic on it ....I've gotten this one in the past...it always seems to be in the C://WINDOWS directory....the other one was in the C://WINDOWS/slog/ directory...
I think you were asking for trouble. My understanding is that kazaa is like opening the door and putting out a welcome sign. You really really really need to get some software that looks for trojans and such and run it. They are out there but since I run Linux only I don't know where they are. Go to the screensavers.com and see if you can find something. They talk about it on TV all the time.
Whatever you do, do something. Also check your MS updates thingy.
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
Rep:
Yea, I'm using kazaa lite...sorry for abbrev. that. I think I do have something.....I didn't get exactly what the message said because I was watching TV when it happened..but my comp just decided to go ahead and restart itself.
If you look around you will probably find someone else having the same problems. You got a little rat running around in there somewhere, you need a mouse trap. Ha ha ha
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
Rep:
*Location service (loc-srv). This port is used to direct RPC (Remote Procedure Calls) services to the appropriate dynamically mapped ports. Hackers can use this to determine which port is used by several Windows services. This port should not be visible from the Internet.
*Windows NT / 2000 SMB. A standard used to exchange Server Message Blocks, and can be exploited in multiple ways, including gaining your passwords.
Those are the two ports open...ports 135 and 445, respectively. Need help on how to close these ports. Thanks.
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
Rep:
Also, basic info about my comp was able to be seen according to the Symantec security check....that's what I used to see which ports were open as well....The basic info was the name of my comp, the workgroup, and the MAC address of my comp.
Location: Austin,TX most of the year...in Euless,TX the rest of it
Distribution: RH 9.0
Posts: 154
Original Poster
Rep:
One more thing, according to that Symantec thing....it's safe from trojans....I'm doing their virus scan right now though...maybe it'll pull something up. I got the files infected with trojans off the comp yday....maybe that took care of them....or maybe this security check isn't that up to par.
BTW, thanks for those links dalek...appreciate it.