Solved

Cannot access printer on 2nd W2K workstation

Posted on 2003-12-10
3
207 Views
Last Modified: 2013-12-04
I have a peer to peer with W2K machines.  We set it up to share the laser printer on one machine.  Recently we discover that the machine had been compromised and Firedaemon loaded on it.  I have disabled the Firedaemon service but now we cannot get access to any of the resources on that computer.  I have removed and readded the user but still no access.  What's up?
0
Comment
Question by:bergm57
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9917593
You can try removing it and readding to domain if you have one (do you?)

Any time a system is badly compromised, I think a good idea is to rebuild it from scratch to remove both the known and the unknown abuse.  After making a build, getting that onto CD helps later on for further builds. I'd also suggest giving it a different name and address in case it is a target, and make sure you do not have too many programs running at startup or too many /quote/ users defined.  Make sure the box gets a new admin and admin password.
0
 
LVL 13

Accepted Solution

by:
Gnart earned 500 total points
ID: 9917633
Firedaemon is a legitimate software.  It's being used as payload by trojan and worm.  Run trojan/worm/keystroke remover to get rid of the real culprit.

AdAware==> http://www.lavasoftusa.com/support/download/
SpyBot ==> http://www.webattack.com/download/dlspybot.shtml

Check for viruse online:

http://housecall.trendmicro.com/ 
http://us.mcafee.com/root/mfs/default.asp?cid=9059 
http://security.symantec.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.pcpitstop.com/antivirus/default.asp 
http://www.f-prot.com/download/download_fpdos.html 

Check the resource's NTFS permission security.  Also, restore group policy and run computer policy basicwk.inf... to restore your security settings.

cheers
0
 

Expert Comment

by:JamesWillison
ID: 9919739
lets start at the begining can you ping the other computer??

0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question