Virus and Worms and Trojans (oh, my!)
Aug. 22nd, 2003 07:48 pm
Where I work, we got off really lucky during the latest virus outbreaks. Our only real problem was with the remote users. They typically administer their own machines, and of course, they were all loaded with viruses. And crapware (damn you, gator!)
Anyway, we sent out an email to get all these folks to bring in their laptops so we could clean them off.
One case in particular stands out. The woman who owned this particular laptop was indeed infected with the Blaster worm. I cleaned it off, and popped in the CD with the patches on it, and proceeded to try and run the update. I got an error stating that I needed to have admin rights to install any programs. "Hmm," I thought, "That's odd. I should have admin rights, considering I logged in with the admin account."
I opened up computer management, checked out users and groups, and looked to make sure that the admin account was actually in the admin group. It was. And so was a user named "getowned".
Well, there was no other choice at that point. I called the user up and let her know that her box had been compromised, and that I had no choice but to nuke the site from orbit (that's the only way to be sure). One format and reinstall later, she had her laptop back and was happy as could be, since I upgraded her from NT to Win2k while I was at it.
So, if the blaster virus never existed, I probably never would have discovered the hacked box. Thanks, you scumbag virus-writer!