posted on Sep, 4 2009 @ 02:35 PM
If you are experiencing a situation where it appears that a Print Screen is being taken at regular intervals it sounds like you have a program running
such as Autoscreenshot
. Such tools are commonly used by Gamers, but I suppose someone could use
something similar for Spyware (although Keystroke Loggers would be more reliably effective and easier to hide).
And yes, they could modify such a program to send images via FTP.
However, if you are running IIS & FTP Server without it being Firewalled, you could be vulnerable to the DDOS Proof-of-Concept Vulnerability in the
link you provided, but what you are experiencing is not a DDOS Attack.
What I would do would be the following:
- CTRL+ALT+DEL to bring up your Task Manager. See if anything is running in the Processes Tab that shouldn't be (be sure to mark "Show processes
from all users").
- Get a copy of Spybot Search & Destroy, update it after installing it, and then run it.
- Run an online Virus Scan. Many of the Spyware/Malware out there will disable your Virus Scanner although it appears to be working. For this reason
every manufacturer offers free online Virus Scanning.
- If you are knowledgeable enough about Windows System Files and the Windows Registry, get HijackThis and run it. This will allow you to manually
remove things that should not be running on your computer.
- Run a Port Monitor or Traffic Monitor (or use a Packet Sniffer). If packets are leaving or entering a Port that shouldn't, reroute that traffic in
your HOSTS file to 127.0.0.1 (loop-back address) and then track down what is causing that traffic and stop it (you can get a basic list of open ports
and communication by running "netstat -abvo").
[edit on 4-9-2009 by fraterormus]