|
It means that the virus/worm was executed/run with a LocalSystem account. This would be true for a network-aware virus like FunLove and Bugbear. These viruses connect to open shares anonymously, therefore the default rights provided by the OS would be a LocalSystem account unless specified otherwise on the share.
you need to have a personal firewall on your pc. All share folders must be password protected and if you are using imesh or on of those do not share files. Lock the shared folder with a password.
since it is the NT Authority/system account this is a internal account and the system does change its passwords regularly for security purposes. You would not see this account in user manager just like you don't see the group everyone.
You, of course, have Zone Alarm or other personal firewall installed and antivirus installed so you have nothing to worry about. If not you need to get on of these like right now!
someone must have been poking around on your network... do you have a terminal service installed?
it can be done by a DOS worm, if it is a DOS worm if it occured simultaneously on a group of networked computers
open the task manager and end processes like csrss.exe, snmp.exesvchodt, svchost.exe if you can end these it is not a worm or virus in the DOS system.
in order for it not to gain entry the second time, also check out your terminal services like VNC... remote desktop, pc anywhere... someone might be playing with you... also you can download a trojan cleaner, if you accidentally downloaded a back orifice or any trojan virus which gives out access
hope some of this helps!!
|