Wireshark · Ethereal-users: [Ethereal-users] (no subject)

["Talot12" <talot12@xxxxxxxxxxxxx>]

I know that this may seem like a strange one but if you are anything like me you like challenges.. Very quickly I want to explain a scenario that happened at work today.  I work in an IT organization as a desktop tech and am certainly no expert on winpcap products BUT.. We are in a windows 2000 10/100 lan environment and I noticed upon doing the familiar reboot in windows that symptoms were occurring as if I had a virus.  Applications missing shortcut inks, Norton was hosed as well as the remote tools I use to support end users. The list goes on..  I started checking things, obviously, and discovered I had some security issues as well... for example global groups added to the admin group on the local machine.. my security audit log was corrupt.. Hell I couldn't even shut down or modify policies on the workstation.  I went to the services and noticed an unfamiliar service running.  The name of the service was remote packet capture protocol V.0 (experimental).  The path to the executable was program files\winpcap\rpcapd.exe -d -f rpcapd.ini.  My question is based on this information should I continue to pursue this app as the culprit or is it possible that someone used the software maliciously? 

 

Any help would be greatly appreciated,

 

 

Reid