Network Security Compromised
I have a network using a hub with a server that has two NICs and is using ICS, and two other computers using a cable modem: one with my important info, and the other for my daughter. All are using Norton Internet Security. She downloaded Kazaa (the music download program) and I immediately had 17 ports being probed from her network address on my server (which has file/print sharing disabled) and on my main computer (which has file/print sharing enabled). I shut down both and went to hers to find that Norton Internet Security had been disabled. I ran Ad-Aware and found 61 questionable files, which I deleted. Also, on my main computer, in the system.ini under boot, the "drivers=mmsystem.dll power drive" was gone, leaving me without sound. I found this through Dr. Watson. I replaced this, no problem then. So far I have had no other problem.
My questions are: Is it possible that they can get that far into my network and delete the system.ini file? How far could they have gotten? Where can I go to find if there are more files, and what kind of files are on any of my computers that Ad-Aware can't find?
What else can I do to feel more secure about knowing my network is clean? (I deleted everything that she downloaded and uninstalled Kazaa.) Please help!! For my own peace of mind.
She downloaded Kazaa (the music download program) and I immediately had 17 ports being probed from her network address on my server (which has file/print sharing disabled) and on my main computer (which has file/print sharing enabled). I shut down both and went to hers to find that Norton Internet Security had been disabled.
She was probing your server? Or were the probes from your WAN to her LAN IP? ... What 17 ports were they? Being probed while using peer-to-peer services is common; actually you are not being probed, you are being sought out for what you are sharing, unless of course the port is directed at a port which is unrelated to the program.
I ran Ad-Aware and found 61 questionable files, which I deleted. Also, on my main computer, in the system.ini under boot, the "drivers=mmsystem.dll power drive" was gone, leaving me without sound. I found this through Dr. Watson. I replaced this, no problem then. So far I have had no other problem.
Was this the first time you ran Ad-Aware?
My questions are: Is it possible that they can get that far into my network and delete the system.ini file? How far could they have gotten? Where can I go to find if there are more files, and what kind of files are on any of my computers that Ad-Aware can't find?
It is possible, but not probable, that they got into the system, but your system.ini is of no interest to anyone unless they are wanting to set a constant way to get in. In this case you would notice a weird pointer in your system.ini file ... but the chance someone got in and just went after your "drivers=mmsystem.dll power drive" is not something anyone that you should be worried about would go after.
If you really think someone compromised your network, watch your ports and your logs; if you notice abnormal traffic from weird ports, look the port and its association up. Also change all the passwords on any shares you currently have.
I was being probed through her IP address. So far I have had no other problems. I got the alert about the port probes through Norton Internet Security. There was no indication of what ports were probed. As far as running Ad-Aware, no, I had just run it the day before I had a motherboard blow out on my server and had to rebuild it and reconnect the network; with that I ran Ad-Aware with no questionable files. I appreciate your reply.
I went in her puter and deleted any suspect programs that I knew I hadn't put there. As of this day, no weird probes of any kind other than the usual scanner trojans that seem to never go away... Wouldn't it be nice to have one button to send a surge of electricity to the scanner's IP address and obliterate it... oh well, I can dream.
RoundEye
11-12-02, 10:52 PM
Sometimes your ISP will run port scans looking for servers on their network that shouldn't be there.