Hi,
I have a winnt4.0 server running proxy 2.0.
Lately it looks like someone is trying to hack into the system. On a couple of ocassions I noticed that a cmd.exe was running as a process and taking alot of cpu time, so I would kill it.
I alsonoticed on a couple of ocassions that the following services were running that should not have been: dnuts26,dwrcs,firedemon and navmon. I would manually have to kill them. Also from the registry. Also noticed in the win. dir. in the following path winnt\system32\config\help\tmp\files ____it had some of the following files in the tmp folder : firedaemon, stro.exe, navmon.exe etc…
Is there a way to stop this from happening?
Security is fairly new to me.
Any help would be appreciated.
