I work at a large university, and I’ve been having a lot of problems with hackers. I just had two machines broken into, and I need a way to fix them without reformatting (and ways to prevent future attacks):
1. A machine was attacked and has some sort of “bot” installed on it. I deleted the bot, but it keeps coming back. I found a file labeled PASSWD that showed an attempt to break user passwords with a program called SamChangePasswordUser2.
2. One of our servers was attacked, and a recently discovered hole in Apache was to blame.
Both machines are running Windows 2000.
Does anyone know how to fix either of these problems? Lots of tech points if you do!