This is probably not the correct newsgroup, but I'll take a chance. I left one of my computers in the DMZ the other day accidentally. I use a Linksys router connected to a cable modem. The Linksys is set up for home use, and has 3 computers and a printer connected to it.

Somehow, a hacker disabled my AntiVir AV software on the PC that was in the DMZ, set up a rule in ZoneAlarm to allow rogue lsass.exe and svchost.exe programs full access to everything, created a folder called C:\RECYCLED, and ran a script to set up Serv-U FTP Server listening on ports 444 and 43958. There is an entry in the Serv-U ini file called [USER=wonderland|1]. I had just happened to waltz into the computer room and saw a DOS box executing scripts and thought, 'that can't be right'. So I immediately unplugged the PC from the network and started doing some digging. The above is what I found. My question is, how in the world did someone find me on the Internet and get all that accomplished?

After backing up my hard drive to an image file and later scrubbing the suspected Trojan, I took the RECYCLED folder from my backed-up image and copied it to a VMware image to see what it did, and to see if the hacker would come back. I put the VMware machine's IP address in the DMZ. The virus program ran a setup batch file, then an info program that somehow scanned the local hard drives on the host PC and reported their size and free space in a text file in C:\RECYCLED on the VMware machine. That concerned me as the VMware machine was bridging into my actual PC. So, not knowing what I was doing, I shut it all down, deleted the VMware image, and disabled the DMZ and all port forwarding on my router.

I don't have any of my hard drives shared, other than the Admin shares XP creates, which I know little about and really don't understand how to get rid of. There are only two user accounts; both have administrator rights and unique passwords. The guest account is disabled. I would like to hear explanations on how all that stuff happened, and with the router back in action, whether or not anyone thinks it can happen again. Thanks!
RD