malicious group policy setting
| wicket 2002-06-19, 7:19 pm |
| I am working on a computer which someone has set up a group policy on smtp and icq. Outlook was being routed to 127.0.0.1 towards a utility which I am assuming was used to forward email and icq. I found the registry key of this utility and deleted it so I am assuming the risk factor is nil. I am wondering where you would set this policy?? mmc/local computer policy snap in under the software settings??? I installed eudora and it was also being redirected to the util so this is why I am assuming it must be a policy of some sort. This was a pretty sneaky little piece of work and I'm pretty impressed... lol I'm only a lowly comp tech and was able to figure out what was going on so it wasn't that good of a job, it sure beats the hell outta putting a trojan on someone's box tho.
the original thread is here for the full story http://www.examnotes.com/forums/sho...&threadid=38321 | |
| wicket 2002-06-19, 9:11 pm |
| No, I'm not drunk denis actually, it's pretty simple....whenever an email is sent through outlook or eudora, it is looped to port 3298-127.0.0.1 (your machine) to a utility which sends the email to 2 different places. The first place is to the guy who set it up and the second place is where you are sending it. It is just like a trojan except you cannot find it with an antivirus... get it? The original problem was someone reading the customers email.
http://www.examnotes.com/forums/sho...&threadid=38321
If the link doesn't work, the original thread is in the net+ forum entitled trojan stumper. | |
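An added example, not part of the original thread: one way to check for the redirection described in the post above, by matching mail-client server settings that point at the local machine against the process listening on that port and the remote hosts that process talks to. The settings table, the `netstat -ano`-style sample, the PID and all addresses other than 127.0.0.1 and port 3298 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: SMTP/POP3 servers as read from each mail client's account dialog.
MAIL_SETTINGS = {
    "Outlook SMTP": ("127.0.0.1", 3298),
    "Eudora SMTP": ("127.0.0.1", 3298),
    "Outlook POP3": ("mail.example.net", 110),
}
# Constructed sample in the layout of `netstat -ano`; PIDs and addresses are made up.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:3298         0.0.0.0:0              LISTENING       1412
  TCP    192.168.1.20:1045      203.0.113.7:25         ESTABLISHED     1412
  TCP    192.168.1.20:1046      198.51.100.9:25        ESTABLISHED     1412
"""
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:              # a hostname, not an IP literal
        return host.lower() == "localhost"

def parse_netstat(text):
    rows = []
    for m in filter(None, map(ROW.match, text.splitlines())):
        lip, lport, rip, rport, state, pid = m.groups()
        rows.append({"local": (lip, int(lport)), "remote": (rip, int(rport)),
                     "state": state, "pid": int(pid)})
    return rows

def find_loopback_relays(settings, rows):
    """Flag mail settings aimed at this machine and report who answers there."""
    findings = []
    for name, (host, port) in settings.items():
        if not is_loopback(host):
            continue
        pids = {r["pid"] for r in rows if r["state"] == "LISTENING"
                and r["local"][1] == port
                and (is_loopback(r["local"][0]) or r["local"][0] == "0.0.0.0")}
        for pid in sorted(pids) or [None]:   # None: setting points at a dead port
            outbound = sorted(r["remote"] for r in rows if r["pid"] == pid
                              and r["state"] == "ESTABLISHED"
                              and not is_loopback(r["remote"][0]))
            findings.append({"setting": name, "port": port, "pid": pid, "outbound": outbound})
    return findings

if __name__ == "__main__":
    for f in find_loopback_relays(MAIL_SETTINGS, parse_netstat(NETSTAT)):
        print(f)
```

A finding is a lead rather than a verdict: local mail-scanning proxies produce the same pattern, so identify the program behind the PID before drawing conclusions.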
| me? I dunno... 2002-06-19, 10:36 pm |
| I know it may sound like a stupid question, but I would really like to know how to find this kind of thing.
How exactly did you determine that ICQ was being "Looped back", where were/what are the signs? | |
| wicket 2002-06-19, 11:42 pm |
| No such thing as a stupid question
Anyways, I just installed tiny personal firewall http://www.franksradio.net/files/
It's called pf2.exe.... That was the last version which btw is even better than the new ver which is not freeware anymore. It has consistently gotten rave reviews and is in my opinion, the best software firewall a guy can get. It will tell you all incoming and outgoing attempts and is very easy to set up. I like the fact that I have a pretty good idea of what's happening in the background. | |
| wicket 2002-06-19, 11:52 pm |
| Forgive me, I'm super duper over tired, my last post sounded kinda scattered.
Tiny has always been free for personal use and has made a big name for themselves in the corporate environment (which wasn't free). The link above is to ver 2.0. I have tried the new ver and found that by default, 3 major holes were open on my machine. The old version picks up every single little thing and will stealth all of your ports by default. www.tinysoftware.com The old version is no longer available for download from their site but it is still kickin around on various sites. I upgraded and then downgraded after trying the new one. The old one is much better. Hope this helps.  | |
| denis_baribeau 2002-06-20, 3:30 pm |
| Just a thanks for the added info, it cleared things out a bit more. Downloaded pf2 and the pdf will read more about it. Take care.  | |
| wicket 2002-06-20, 10:54 pm |
| So am I just the group leper?? or is this just a big stumper for you guys??? No comments or nuthin other than being accused of being drunk... it's all good, I do have a sense of humour.... (yer dead denis)  | |
| Btucks 2002-06-21, 1:22 am |
| Wicket:
did you say you can't change the password for administrator?
can you create administrative accounts, with full control capability? | |
| AngryMan 2002-06-24, 5:14 pm |
| Ok, it's obvious that nobody wants to post an answer to this for various reasons.. which I can clearly see..
the part I don't understand, is we got an A+ member (wicket) asking for some advice
and then we got Denis an A+ trying to say wicket is drunk, and can't understand anything.
What are you doing answering questions in this forum anyways?
If you are a newbie (like me) then you should just quit trying to be a smartA**, read answers from the smart people and quit messing up threads with useless replies. You just end up confusing us!! | |
| me? I dunno... 2002-06-25, 3:14 am |
| Hey, let's all just take some heroin and relax here
Both Wicket and Denis know a lot of stuff and have helped me a lot, nobody knows everything and that's why we're here, right?
I get frustrated and angry sometimes too, but I have no right to take it out on people who are trying to help, so I don't.
I'm fortunate to be starting at this a lot later in my life than most, so I have gotten used to being addressed rather abruptly by people much younger than me. Hey, such is life, if I want to learn, I have to put up with a little here and there, it's been that way with every skillset I have learned in my life. I can't help but respect the effort both of these guys have put in.
If you want to talk about welding or construction, then I'll be one of the big dogs, otherwise I'm just another one of the pups. Now if you'll excuse me, I have to go chew on a boot. | |
| denis_baribeau 2002-06-25, 7:15 am |
| I should not have posted to this thread the way I did or at least used words that obviously offended him.
(SORRY WICKET)
Nevertheless AngryMan, the fact that you posted on this thread and put your 2 cents in, I now label you a Trouble Maker. If you didn't have an answer for Wicket you should have left it alone.
I already made it a mess, didn't need you to aggravate things.
You don't know me and where I answer questions is not your business.
Thanks me? I dunno... for your comments. |