Solved

Cannot access printer on 2nd W2K workstation

Posted on 2003-12-10
3
202 Views
Last Modified: 2013-12-04
I have a peer to peer with W2K machines.  We set it up to share the laser printer on one machine.  Recently we discover that the machine had been compromised and Firedaemon loaded on it.  I have disabled the Firedaemon service but now we cannot get access to any of the resources on that computer.  I have removed and readded the user but still no access.  What's up?
0
Comment
Question by:bergm57
3 Comments
 
LVL 4

Expert Comment

by:MobileOakAI
Comment Utility
You can try removing it and readding to domain if you have one (do you?)

Any time a system is badly compromised, I think a good idea is to rebuild it from scratch to remove both the known and the unknown abuse.  After making a build, getting that onto CD helps later on for further builds. I'd also suggest giving it a different name and address in case it is a target, and make sure you do not have too many programs running at startup or too many /quote/ users defined.  Make sure the box gets a new admin and admin password.
0
 
LVL 13

Accepted Solution

by:
Gnart earned 500 total points
Comment Utility
Firedaemon is a legitimate software.  It's being used as payload by trojan and worm.  Run trojan/worm/keystroke remover to get rid of the real culprit.

AdAware==> http://www.lavasoftusa.com/support/download/
SpyBot ==> http://www.webattack.com/download/dlspybot.shtml

Check for viruse online:

http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9059
http://security.symantec.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.pcpitstop.com/antivirus/default.asp
http://www.f-prot.com/download/download_fpdos.html

Check the resource's NTFS permission security.  Also, restore group policy and run computer policy basicwk.inf... to restore your security settings.

cheers
0
 

Expert Comment

by:JamesWillison
Comment Utility
lets start at the begining can you ping the other computer??

0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now