I've Been Hacked...B@$tard$


chipbutty
05-21-2006, 05:38 AM
I was woken at 4 o'clock this morning when my screen suddenly came on. I looked at the screen and saw a web page on there. I didn't remember leaving anything running so I thought I had to have a look. It was an ftp server page from ftpz.us and it was uploading a rar file of the photos folder on my PC. Being half asleep I shouted some obscenity and switched the PC off immediately. This morning I looked at my Internet Explorer history and saw entries for several tftp servers, an entry for grc.com (WTF?), an entry for my router home page (passworded so I don't think they got in there) and several entries in My Computer that they had been sniffing around.

Now I am a Sys Admin (not Windows) so I know about computers, firewalls, AV etc. but my questions are: can I find out how they got into my PC so I can stop this happening again, and why did they go to grc.com?

Thanks in advance for any help.

PS I am not posting this from my computer so I am not passing anything nasty on.

TierraDelFuego
05-21-2006, 06:36 AM
I imagine the grc bit is the key in some way, as the Shields Up check will tell someone straight away what port vulnerabilities are exposed on the PC, thus giving anyone information they need.

Obviously identifying what vuln they used to connect to your pc is nigh on impossible for us, but try running Shields Up to see if it does identify something.

If AV/Spyware scans show up nothing though, personally I'd be reformatting and starting again making sure everything is tight, such as turning off the remote assistance feature et al.

chipbutty
05-21-2006, 07:43 AM
Thanks for the quick reply m8.

I am totally confused by the grc bit...obviously they were into my computer before going to grc as it appeared in my IE history. I just thought someone on here might have come across something like this before.

I am going to do a bit more investigation when I get home but I am of the same opinion as you that a reformat is the only way out because I don't know what other nasties they have left on my computer.

Thanks again.

The Firemaster
05-26-2006, 12:33 PM
By grc I presume he means this website m8

http://www.grc.com/intro.htm

HTH