strange user account IWAM_NET74f9d0d2a9f9


    Hello,

    A strange account has appeared on my DC:

    IWAM_NET74f9d0d2a9f9 - it is a member of the Domain Users group but I cannot find where it came from. It has a folder under Documents & Settings. My virus software detected viruses within this folder, which initially alerted me to it. I have disabled the account. Another symptom: my virus software was shutting down. I am scanning with Malwarebytes, Stinger and my onboard virus software.

    Anyone recognise this account? The server appears clean now but I am worried I have been hacked. In my event logs I can see multiple events related to my remote access software and what looks to me like access attempts from external IP addresses.

    Any ideas or tips gratefully accepted.

    Cheers, Stu





  • #2
    Re: strange user account IWAM_NET74f9d0d2a9f9

    IWAM is used by IIS.
    For more detailed information you might read this...
    http://serverfault.com/questions/501...nts-for-in-iis
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"
