Logfile worries
Robin Laing
Robin.Laing at drdc-rddc.gc.ca
Mon Sep 18 22:24:33 UTC 2006
Anne Wilson wrote:
> On Monday 18 September 2006 17:59, Jeff Vian wrote:
>
>>On Mon, 2006-09-18 at 09:49 +0100, Anne Wilson wrote:
>>
>>>I have logwatch mailing me daily about activity. This morning the report
>>>from this box has the following lines in the samba section:
>>>
>
> Yes. This is XP. Running as a non-administrator is so crippled as to be
> useless, and realistically no windows-user is going to learn that there is
> something equivalent to su - in fact I had not heard of it until this
> morning, either.
>
> Yesterday, I was working on her laptop. I know I gave the correct username
> and password, but it was rejected. Doubting for a moment, I tried another
> password she uses but that also failed, twice, before the original password
> was accepted. The other thing I noticed was that when I tried the correct
> password it was simply rejected, whereas when I tried the alternative one the
> screen blinked before offering the login dialogue (with fields filled in)
> again.
>
> This user is a cautious user, who wouldn't dream of using peer-to-peer or
> visiting dodgy websites. She keeps her AV software up to date and scans
> daily.
>
> I can think of no way in which that laptop is configured differently to other
> windows boxes on the LAN. Do you have anything specific in mind when you
> talk about 'properly configured'?
>
> Anne
>
I know that this may seem obvious but are they using IE with Active-X
enabled?
There is a an unpatched hole that is being exploited.
http://www.theregister.com/2006/09/18/ie_flaw_warnings_grow/
You only mention anti-virus. What about adware/spyware scans?
What about a scan with a different anti-virus software package?
All it takes is one visit to one site that has a bad link. It has
happened that a good site will have a bad advertising link that will
infect the machine making it a bad site.
I have had to use an XP machine that was supposed to be up to date and
the number of spyware/adware applications took me by surprise. My first
day was just cleaning the computer.
Good luck. As Microsoft's has suggested, re-installing is sometimes the
only sure fix.
--
Robin Laing
More information about the fedora-list
mailing list