Hacker enables Winnt4.0 Guest account and assign Administrator right !!!!!
Posted on 2003-03-10
I have a serious trouble.
The school server (Winnt4.0 sp6) security log displays that the "Guest" account has been enabled and join "Domain Admin", "Domain Guest" and "Administrator" group.
The log displays that the activity is taken in the midnight, and the "NT AUTHORITY\SYSTEM" is showed in the user field in the log.
I change the password, disable account, remove the admin group and disallow logon all of times. However, this event occur again.
I assume that a hacker attack the server.
1. How can i prevent this event?
2. How can i check the system whether is inflected by any virus (Torjan Horse)?
3. Where can i get more useful infor. to solve it and improve the server secure?
I amd looking forward to receiving your reply.
Thank you for your attention.