The Mudcat Café



Tech: Theft from someone's PC: possible?

Subject: Tech: Theft from someone's PC: possible?
From: Peace
Date: 31 Dec 04 - 10:08 AM

A friend suspects his computer has been 'hijacked'. Way he explained it is this. His D drive is almost full. His computer flashes the lights on his hard drive even when he has logged off and has been logged off for hours. He's using XE, and even the use of Spybot S + D hasn't helped. He can't get to his Norton Virus Protector. Is it possible someone has hacked his PC and is accessing it when he writes or uses the machine?



Subject: RE: Tech: Theft from someone's PC: possible?
From: Uncle_DaveO
Date: 31 Dec 04 - 10:41 AM

Couple of thoughts about this:

Number 1, don't just log off; disconnect the computer physically from the phone line, cable, or whatever but leave the computer running. Does the flashing stop? If so, it sounds like it was caused by something from the web.

You say he "can't get to" his Norton's. What does that mean? He might want to contact Symantec's support function.

I also know that some versions (if not all) of Windows continually do things in the background, even when there's no keyboard or web input, and no programs (other than the operating system) running. Frankly, that's my guess in this case.

You say his D drive is almost full. I don't know what that means. What is "C:" assigned to? I believe in most people's setup C: would be what I'd call the default main drive, and D:, if present, is not a system drive.

I once, back in the Pleistocene era or thereabouts, had a setup where C: was merely a partition on the hard drive where the operating system resided, and everything of content was on D: or subsequent partitions.

In any case, it could be that the operating system is frustrated by the crowded conditions on the D: drive, and keeps trying to do housekeeping operations and can't do it.

In any case, if his HD is overcrowded he'd better engage in a major elimination program, or compress files, or get a new hard drive to either add to or replace the overcrowded D:.

Dave Oesterreich



Subject: RE: Tech: Theft from someone's PC: possible?
From: GUEST,your computer is owned
Date: 31 Dec 04 - 10:44 AM

someone been visiting russian porn sites then....???????

all the best ones are highly contaminated
with a multitude of trojans..



Subject: RE: Tech: Theft from someone's PC: possible?
From: Peace
Date: 31 Dec 04 - 10:56 AM

No, not this guy.



Subject: RE: Tech: Theft from someone's PC: possible?
From: mack/misophist
Date: 31 Dec 04 - 11:09 AM

Uncle DaveO has given some good advice. Certain trojans are good at blocking Symantec functions. There are a number of free on line virus checkers. Try a few of them. If D is a data drive, look to see why it's so full. If D is a data drive, I commend you. It's a good idea. Many say it's unnecessary with XP. They only need to be wrong once in a million times for that one to be you.



Subject: RE: Tech: Theft from someone's PC: possible?
From: hesperis
Date: 31 Dec 04 - 11:14 AM

Yes, disconnect the computer physically from the internet and clean up the D drive by backing up and deleting files. Shut down (not just log off) when you're not using the computer, especially if you have a broadband connection.

If the D drive is too full then it can't be defragged and the computer might be trying to do automatic tasks such as defrag and be unable to complete the task.

Also, while the computer is offline be sure to shut off certain parts of the operating system that can allow other people to control your computer, such as remote assistance or any remote desktop programs it has.



Subject: RE: Tech: Theft from someone's PC: possible?
From: mack/misophist
Date: 31 Dec 04 - 11:17 AM

To answer the original question; Yes, yes indeed!



Subject: RE: Tech: Theft from someone's PC: possible?
From: GUEST
Date: 31 Dec 04 - 11:20 AM

ps..
if D drive is full..

a good deep search might reveal if the computer
has been 'borrowed' by naughty young people for use as a 'Pub' ftp.

if your mate is lucky, it might be storing all sorts
of cool movies, mp3s, software,
disproportionately silicone enhanced lady photos.. etc



Subject: RE: Tech: Theft from someone's PC: possible?
From: Stilly River Sage
Date: 31 Dec 04 - 11:33 AM

As stated above, disconnect the computer from the Internet access for the time being. I would do a few diagnostic things to see what is up:

Go to accessories, system tools, and tell it to get rid of temporary files. Defrag the computer and get stuff tidied in there. How does the space look now? Though it may seem counterintuitive, without logging on still, have him uninstall his copies of Norton Antivirus, Firewall, etc., then reinstall them fresh. Only when this has happened should he then go back online and immediately download the newest definitions. Disconnect again and let the Norton software do its fullest scan available to search for the problems. From there I would go back online and do the one-two punch of AdAware and Spybot Search&Destroy to see what malware is in there.

Spybot may offer to backup the registry, but if it has been fried by malware, your friend may not want a backup of it.

Finally, you said he's using "XE" but do you actually mean XP? There is a "go back" feature (I haven't used it, I use Win2000Pro which doesn't have it, and on my kids' computer with XP Pro I haven't had to use it). When did these troubles begin? Choose a date before that and set the machine to restore itself.

Hope this helps. It's the short version, anyway, until John in Kansas notices this thread! :)

SRS



Subject: RE: Tech: Theft from someone's PC: possible?
From: Peace
Date: 31 Dec 04 - 11:38 AM

Thank you all very, very much. I have forwarded all the suggestions and diagnoses to my buddy. He'll take your advice seriously. He's only had a computer for two years and he admits to being in the dark about lotsa stuff. Truth is, he's in the dim. I'm in the dark. Thanks again.

Bruce M



Subject: RE: Tech: Theft from someone's PC: possible?
From: Rasener
Date: 31 Dec 04 - 11:39 AM

I haven't consciously visited a Russian porn site, but I do get lots of e-mails from Russian Ladies wanting to marry me. :-)
I keep on blocking each e-mail and deleting, but the next day another one or two or three arrive. I suspect that they have somehow got my e-mail address and are sending from lots of different PCs that they have managed to access.
Anybody got any idea how to stop it, apart from changing my e-mail address, which I am reluctant to do?

I also get the Viagra ones - maybe they think I need it with all the Russian Ladies falling over each other to get at me :-), as well as software e-mails (US based) and medicines and watches.

None of them have viruses and I use No-adware which removes any possible intrusive cookies etc.



Subject: RE: Tech: Theft from someone's PC: possible?
From: GUEST
Date: 31 Dec 04 - 11:49 AM

glad to hear none of the Russian Ladies have viruses..
gives me confidence for our band's next tour eastwards..

-----------------
BTW..can't be complacent with internet protection..

people who don't protect their own computers
are a guilty part of the menace that so easily spreads
worldwide virus attacks..

sometimes it's difficult not to feel they got what they deserve
[and another harsh lesson in common sense and responsibility]..
each time they lose all their data
and need to reinstall



Subject: RE: Tech: Theft from someone's PC: possible?
From: Amos
Date: 31 Dec 04 - 12:31 PM

Maybe if you marry one of them the rest will back off, Vilan.


At least that's the way it used to work!!


A



Subject: RE: Tech: Theft from someone's PC: possible?
From: Rasener
Date: 31 Dec 04 - 12:34 PM

Don't think the missus would like it Amos.



Subject: RE: Tech: Theft from someone's PC: possible?
From: JohnInKansas
Date: 31 Dec 04 - 02:09 PM

I don't recognise the "XE" mentioned. If it's a typo for XP, then some drive activity is probably normal. I can't comment if it's "CE."

Among other things, any user who has set up for automatic updates will see automatic downloads of OS patches and/or AV updates at random times. XP also does things like automatic compression of files that haven't been used recently, along with a number of other "bookkeeping" activities.

The most disturbing comment is about inability to access Norton. Many currently active "worms" and other malware attempt to destroy AV protections. There are also a number of worms extant that attempt to connect to their "source" sites to download additional malware.

Your friend should immediately go to Norton Security Check and run the "Scan for Viruses" there.

If he is using an OS (mainly WinME or WinXP) that has an automatic "System Restore" he should turn that off to delete any old and possibly infected backups of the Registry before running the AV scan. (If concerned about losing "restore" capability, he can make a manual backup of the Registry somewhere where the automatic System Restore can't put it back without his permission.)

Immediately after getting a clean report for viral infection, he should run the "Scan for Security Risks" at the same site. If he has a firewall, he will be asked for permission to penetrate it and should give the necessary permission.

In case he can't visit here to use the link, it's:

http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=23&pkj=OQVUWFVYZZALEWNSWLW

It can be accessed from the http://security.symantec.com home page, but takes a little "digging around."

If his Norton has been disabled by a malware infection, the scan direct from the Symantec web site will be able to find any VIRAL infection. There are a number of malware infections currently in circulation that are not viral and cannot be detected by basic AV programs. The "Scan for Security Risks" will tell him if he has unexpected "open ports" that may have been opened by malware to communicate with a "home site" and/or if he's just got a sloppy setup that can be better protected by adjusting his setup.

If the Norton web scan finds a virus, it should give him a link to instructions for removal of anything it can't clean up immediately. It may or may not find non-viral malware, but will refer to instructions for any that are found.

There are several non-viral malware instances in circulation now. These are not generally detected by basic AV programs, since they download as "programs" that through some trickery manage to claim that you "asked for the program." The most prevalent are the "Search Engine Hijack" worms that change your default search page to something else. They may also install a "search toolbar." The "search engine" gets paid for every "hit" that's made from their "searches." Most such searches are just canned lists of people who have agreed to pay them. Unfortunately most include people who pay them to send you to sites where they can download other malware.

The most "insidious" malware probably is the group of "zombie" worms that download a program that opens ports that someone else can use to make your machine send spam, spread their worm, or do other things you don't want it doing. In most cases, simple AV will NOT DETECT these. A common "first clue" is when one of the "zombies" downloads a virus that they intend to use your machine to spread. The downloaded virus may be detected. The "home sites" for these are generally disabled fairly quickly, so your system may just "fall apart" due to attempts by the worm to contact a site that doesn't exist.

The most accepted programs for finding if you've been infected by one of the non-viral malware components are probably Spybot and Ad-Aware, and one or both of these should be obtained and run with current search definitions if there is any reason to suspect something is wrong.

As of a few days ago, there were only three "exploits" in known circulation that do not use "holes" in Windows for which patches are available. Those three are now on the "critical list" and patches should be available soon. The infections using the unpatched holes are not (yet) in wide circulation, so it's unlikely anyone here has seen them. Get current, by getting available updates from Microsoft. (WinXP users who are still concerned can get most updates without installing SP2.)

And hang up your cell phone. Source code for the cell-phone worm, previously able to infect only one particular kind of phone, was "leaked" on the internet last week. It is expected that new versions will be capable of infecting all web capable cell phones within a couple of weeks. Sorry, I can't help there.

John
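
Added example, not part of any post in this thread: a local check for the "unexpected open ports" described above, done by parsing the output of Windows' `netstat -ano` and comparing listening ports against a baseline. The sample output, PIDs and the `EXPECTED_PORTS` baseline are constructed for illustration and must be adjusted per machine.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       2468
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8866           0.0.0.0:0              LISTENING       2468
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       1520
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1045      203.0.113.5:80         ESTABLISHED     1888
  UDP    0.0.0.0:445            *:*                                    4
"""

# Assumed baseline: ports the owner knowingly exposes (hypothetical values).
EXPECTED_PORTS = {135, 139, 445}


def parse_listeners(text):
    """Return (proto, address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns; headers and UDP rows do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        listeners.append(("TCP", addr.strip("[]"), int(port), int(fields[4])))
    return listeners


def unexpected_listeners(listeners, expected_ports):
    """Flag listeners reachable from other machines on ports outside the baseline."""
    flagged = []
    for _proto, addr, port, pid in listeners:
        if ipaddress.ip_address(addr).is_loopback:
            continue  # bound to loopback only: not reachable from the network
        if port not in expected_ports:
            flagged.append((port, addr, pid))
    return sorted(flagged)


if __name__ == "__main__":
    for port, addr, pid in unexpected_listeners(
        parse_listeners(SAMPLE_NETSTAT), EXPECTED_PORTS
    ):
        print(f"unexpected listener on {addr}:{port} (PID {pid})")
```

The PID in each flagged row can be matched to a process name in Task Manager to decide whether the listener belongs to something the owner installed.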



Subject: RE: Tech: Theft from someone's PC: possible?
From: Peace
Date: 31 Dec 04 - 02:27 PM

WOW. I have passed all the info to him and thank you very much for your help. He has been worried because a book he's working on is on that PC, and despite having a CD with the info on it--downloaded a few months back--his new writing since then may have been accessed.

I knew the 'cat had its share of wild and crazy geniuses--but now I know they're fast, too. A million thanks. I wish I could make each one of those thanks a dollar. Instead, may you make a dollar for each one of those thanks. Happy New Year to you all.

Bruce



Subject: RE: Tech: Theft from someone's PC: possible?
From: GUEST,.gargoyle
Date: 31 Dec 04 - 09:11 PM

More than "POSSIBLE"   brucie..... it is "FACTUAL"



It is a "game" which some knowingly - or un-knowingly - chose to participate in. Places like the MudCat have provided a forum to educate "pigeons ripe for the plucking" about the wolves that lie in the underbrush of the commercial marketplace.



In centuries past concerns were wax in the voids of clay vessels....vessels of steel that contained clay.....in fictional film it was the vessels with the pestle containing a brew that was true.....but today...the flying-monkeys are loose and you better hold onto your pocketbook.



Sincerely,

Gargoyle



Subject: RE: Tech: Theft from someone's PC: possible?
From: Rapparee
Date: 31 Dec 04 - 09:41 PM

If you're on the Internet and you don't have a firewall, get one. I installed a new PC for my mother-in-law over Christmas. Brand new, fresh out of the box.

Before I connected it to the Internet:

Spybot S&D found 6 spyware programs;
Win Doctor (part of Norton Systemworks) found and corrected 37 problems.

After I logged onto the Internet and was active there for about an hour (using Earthlink dialup), there were three more spywares. During that hour Norton Firewall blocked four attempts from IP address 255.255.255.255 -- which sounds to me more like a subnet mask, but who knows?

I use broadband here at home and have both PCs firewalled (and yeah, we're networked and the router is also firewalled). At work we have a firewall, of course.

As I've said elsewhere, you're not going to keep out the government, but you can make it damned hard for anyone else. Lock your car doors, lock your house door, lock your computer.



Subject: RE: Tech: Theft from someone's PC: possible?
From: JohnInKansas
Date: 01 Jan 05 - 02:36 AM

One thing that the Norton Security Check mentioned above found on my setup that I wasn't fully aware of was one "visible" port in my firewall.

Ideally, your firewall should make all ports on machines behind it invisible to outside queries to your address. Unfortunately, Win2K requires one port to be visible in order to be functional on a simple LAN, and I'm stuck with one Win2K machine on the LAN (until I can talk her into upgrading). The firewall blocks access to the port from outside quite effectively, but it would really be better if the port couldn't even be seen. Invisible is the goal.

John



Subject: RE: Tech: Theft from someone's PC: possible?
From: Rapparee
Date: 01 Jan 05 - 11:56 AM

JiK, long ago and far away I once prepared a nasty little trap for would-be crackers.

On a Unix machine, I created a file with a name something like "Everybodys_Passwords_Unencrypted" -- not that name, of course, but you get the idea. Really attractive bait.

If you opened the file, your machine would be flooded with about 500,000 CODABAR barcodes, converted to hex. It would, in effect, overwrite your hard drive with the barcodes.

The trap was never triggered, and eventually I wiped that HD.

Sure wish I could remember how I did that!



All original material is copyright © 2022 by the Mudcat Café Music Foundation. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.