I know that this may seem like a strange one, but if you are anything like me, you like challenges. Very quickly, I want to explain a scenario that happened at work today. I work in an IT organization as a desktop tech and am certainly no expert on WinPcap products, BUT... We are in a Windows 2000 10/100 LAN environment, and I noticed upon doing the familiar reboot in Windows that symptoms were occurring as if I had a virus: applications missing shortcut links, Norton was hosed, as well as the remote tools I use to support end users. The list goes on. I started checking things, obviously, and discovered I had some security issues as well... for example, global groups added to the admin group on the local machine; my security audit log was corrupt; hell, I couldn't even shut down or modify policies on the workstation. I went to the services and noticed an unfamiliar service running. The name of the service was "Remote Packet Capture Protocol v.0 (experimental)". The path to the executable was program files\winpcap\rpcapd.exe -d -f rpcapd.ini.

My question is: based on this information, should I continue to pursue this app as the culprit, or is it possible that someone used the software maliciously?

Any help would be greatly appreciated,
Reid
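The checks a responder would run on a box like the one described above (an unfamiliar service pointing at rpcapd.exe, unexpected members in the local admin group), as an added example that is not part of Reid's post or of WinPcap itself. It assumes a current Windows host with PowerShell 5.1 or later, so it would not run on the Windows 2000 machine in the post; it shows how the same triage is done today. The listening-port check assumes rpcapd's default TCP port of 2002, and the service-name filter assumes the binary is still called rpcapd.exe.

```powershell
# Added triage example (not code from the original post). Assumes Windows with
# PowerShell 5.1+ and that the daemon is named rpcapd.exe (WinPcap's remote
# capture service). Run from an elevated prompt.

# 1. Services whose executable does not live under the Windows directory.
#    A packet-capture daemon installed as a service is exactly the kind of
#    entry that stands out here; note StartName (account it runs as) too.
$winDir = $env:SystemRoot
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and ($_.PathName -notlike "$winDir*") } |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    Format-Table -AutoSize

# 2. Any service that launches rpcapd: pull the binary path out of the
#    command line (drop quotes and the "-d -f rpcapd.ini" arguments), then
#    check its signature, hash and version resource so you can compare it
#    against a known-good WinPcap install rather than trusting the path.
$rpcapSvcs = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'rpcapd\.exe' }
foreach ($svc in $rpcapSvcs) {
    "Service {0} -> {1}" -f $svc.Name, $svc.PathName
    if ($svc.PathName -match '^"?(?<exe>.+?rpcapd\.exe)"?') {
        $exe = $Matches['exe']
        if (Test-Path $exe) {
            Get-AuthenticodeSignature $exe |
                Select-Object Status, @{n='Signer'; e={ $_.SignerCertificate.Subject }}
            Get-FileHash $exe -Algorithm SHA256 | Select-Object Hash
            (Get-Item $exe).VersionInfo |
                Select-Object CompanyName, ProductName, FileVersion
        } else {
            "Binary not found on disk: $exe"
        }
    }
}

# 3. Is anything listening on rpcapd's default port (2002)? If the daemon is
#    reachable from the LAN, anyone on the segment can sniff this host's
#    traffic unless rpcapd.ini restricts hosts and requires authentication.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq 2002 } |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{n='Process'; e={ (Get-Process -Id $_.OwningProcess).ProcessName }}

# 4. Who is in the local Administrators group? Domain (global) groups that
#    nobody added on purpose are what the post describes; PrincipalSource
#    shows whether each member is local or from the domain.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource
```

Steps 1, 2 and 4 only read state, so they are safe to run before deciding whether to pull the machine off the network. The point of step 2 is that the path alone does not settle Reid's question: a correctly signed WinPcap rpcapd.exe that someone installed and left listening is just as much of a problem as a renamed trojan, so the follow-up is who installed the service, when, and what rpcapd.ini allows.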