Question

intruder

Asked by: gw252

I don't want to sound paranoid but I am annoyed. I have a stand-alone system at work. The only connection I have is a phone line for my dial-up. Somehow, every day I turn on my system and have a feeling that someone got into my system and either copied my working files or messed up my data files. Here and there I found some files that were not initiated by me, in webpage format, even with an address of ftp. Some of my reports were incorrect because the data had switched places. I put a password in the BIOS. My Windows XP does not have the guest account turned on. I am the only one who has the passwords. Once I encrypted a file containing all my passwords. A month later I could not open it because that file had a different user id (???). I could not even delete it. A few months later I was able to delete it. I have changed most of my passwords since then. I can't physically lock up my office. Can anyone give me some hints about the intruder? I know he/she was in my system. I know he/she messed up my files. I got blamed for my reports being full of wrong data. We have a wireless network, but my second computer is connected to the server by local LAN. My second system connects with my main system through a USB bridge. Most of all, I am not on friendly terms with my IT manager. Thanks in advance for saving me a trip to a mind doctor.

This Question has been solved and asker verified.

Asked On: 2006-04-04 at 20:12:27 (ID: 21801980)
Topic: Miscellaneous Security
Participating Experts: 5
Points: 125
Comments: 11


Answers

 

by: zephyr_hex Posted on 2006-04-04 at 20:19:23 ID: 16377881

you might have a keylogger installed on your computer.
i suggest running a scan for malware.

start with hijackthis.   http://www.majorgeeks.com/download3155.html   it will produce a log.  you can then run the log through the analyzer at http://www.hijackthis.de
the analyzer will produce a report.  at the end of the report is an option to save the report.  save it and post a link to saved report here.

 

by: giltjr Posted on 2006-04-05 at 19:10:38 ID: 16388406

Umm I am a bit confused.  How many systems do you have at work?

You state that you have a stand alone system with only a phone line.  Then you state you have a second system that is not only LAN attached, but is attached to your primary computer via USB.  If the "primary" system is the standalone system, then it is NOT stand alone.  It is possible to connect to it from the LAN going through second computer using the USB connection.

As this is a work computer my guess is that it was set up by your IT group and they most likely will have a userid and account on it that has local admin authority.

 

by: gw252 Posted on 2006-04-05 at 20:01:12 ID: 16388666

Let me make it a little bit clearer.

1  My first computer links to my second computer just to exchange files and share a printer between them. And I set it up and linked them. I have the administrator password. There is no network connection on this except the USBs (1 for files, 2 for printer).

2  My second computer is connected to a local network. This was set up by the IT mgr and he probably has a user id and account on this. I don't have the administrator password.

Hope you can figure it out for me.

Thanks

 

by: giltjr Posted on 2006-04-05 at 20:23:12 ID: 16388751

Umm, go back and re-read what you just wrote.  Then take a deep breath.

"There is no network connection on this except ...." That means there IS a network connection.  

"...just to exchange files ..."  I will assume then that at least one of the computers, most likely your "first" computer, is set up as a file server, and so your second computer has a drive that is mapped to your first computer.

You do realize that if the second computer can get to files on the first computer then by logging on to the second computer they can gain access to files on the first one.

Now, if your first computer is a company computer, then unless there is a special case/situation, your IT department should have access to it.  If your first computer is your personal computer, then there is a good chance you are breaking a company policy.  Most companies have policies against using personal computers at work, especially connecting them to the network, and your first computer IS indirectly connected to the network.

If the first computer is a company authorized computer and you have admin rights, then enable auditing for logons, both failures and successes.  Then check the event log to see who is signing on.  If the first computer is not company authorized, then I would check company policy.
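Added example, not part of the original post: one way to review the audited logons suggested above once the Security log has been exported. The CSV column layout, the account name `jdoe`, the machine names and the working hours are assumptions made for this sketch; the event IDs (528, 529, 540) and logon type 3 are the Windows XP-era Security log values.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample rows. The column layout is an assumption for this
# example, not Event Viewer's native export format.
SAMPLE_LOG = """\
timestamp,event_id,user,logon_type,workstation
2006-04-05 08:02:11,528,jdoe,2,PC1
2006-04-05 19:47:30,529,jdoe,2,PC1
2006-04-05 19:48:02,529,Administrator,2,PC1
2006-04-05 19:49:15,528,Administrator,2,PC1
2006-04-06 02:13:40,540,jdoe,3,PC2
2006-04-06 08:05:55,528,jdoe,2,PC1
"""

SUCCESS_IDS = {528, 540}  # 528 = successful logon, 540 = successful network logon
FAILURE_IDS = {529}       # 529 = logon failure (unknown user name or bad password)
NETWORK_LOGON_TYPE = 3    # logon type 3 = over the network, e.g. a file share


def review_logons(log_text, owner, work_start=time(7, 0), work_end=time(18, 0)):
    """Return (timestamp, user, workstation, reasons) for logons worth a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        event_id = int(row["event_id"])
        if event_id not in SUCCESS_IDS | FAILURE_IDS:
            continue  # not a logon event
        when = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if event_id in FAILURE_IDS:
            reasons.append("failed logon")
        else:
            # A success under any account other than the owner's means
            # someone else holds working credentials for this machine.
            if row["user"].lower() != owner.lower():
                reasons.append("logon by another account")
            # Type 3 means the session came in over a link from another
            # machine rather than from the local keyboard.
            if int(row["logon_type"]) == NETWORK_LOGON_TYPE:
                reasons.append("network logon")
        if not (work_start <= when.time() <= work_end):
            reasons.append("outside working hours")
        if reasons:
            findings.append((row["timestamp"], row["user"], row["workstation"], reasons))
    return findings


if __name__ == "__main__":
    for ts, user, source, reasons in review_logons(SAMPLE_LOG, owner="jdoe"):
        print(f"{ts}  {user:<14} from {source:<4} -> {', '.join(reasons)}")
```

A network logon under the owner's own account is flagged deliberately: it shows the owner's credentials being used from another machine.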

 

by: hstiles Posted on 2006-04-06 at 08:20:28 ID: 16392635

BIOS password - is that power-on password or just a password for access to the BIOS?  If the former, and no one else knows it, and you've powered the machine off before going home and come in the following morning and power it back on and are prompted for the power on password, then you are indeed delusional and should seek medical help.

 

by: gw252 Posted on 2006-04-06 at 19:18:48 ID: 16397424

Hstiles,
When I turn the power on
 1  I need to enter a password to get Windows to start
 2  And Windows starts and I enter the user's password ...

Not yet but thanks for the comment.

 

by: gw252 Posted on 2006-04-06 at 19:30:26 ID: 16397464

giltjr,

You have a point there. Have you heard of USB link? If both computers have that software on then I can move files from one to another. If they are not on linking software can someone still go to my first computer via the second one? That is what I am trying to find out.

Thanks

 

by: speak2ab Posted on 2006-04-06 at 22:44:50 ID: 16398096

<<If they are not on linking software can someone still go to my first computer via the second one? That is what I am trying to find out.>>
Gw252, without 2 computers connected no one can remotely access them. So rest assured in that case. The only way of accessing such a PC is by personally logging into the PC, and that is via your password. I guess you will want to verify how safe your passwords are. If the PC is on a network then it can be accessed, especially when you are not the net admin of the network.

I hope that answers your question.

All the best

AB

 

by: giltjr Posted on 2006-04-07 at 06:10:29 ID: 16400050

O.K.  From a technical standpoint:  If you can log on to Computer #2 ("the networked computer") and see files in any way shape or form on Computer #1 ("the standalone computer"), then ANYBODY can log on to Computer #2 and see the same files as you can.  PERIOD.

speak2ab, if you read the previous posts he basically has:

    LAN <-----> Computer #2 <-- USB --> Computer #1

He believes that Computer #1 is isolated because it does not have a "network" connection.

Gw252, what you have to realize is that the USB cable is providing some level of a network connection.  Again, if you can do something to transfer files between your two computers, then anybody can.  Some USB network connections make it look just like a normal everyday LAN connection that supports IP connectivity for anything you can do over an Ethernet connection.

So from a technical point of view it is 100% possible.  Now if it is possible in your specific situation depends on how you have logically set it up.  There are ways that you could have it set up so that it is highly unlikely that somebody could use computer #2 to get to computer #1.

 

by: bloodrazor Posted on 2006-04-08 at 13:32:26 ID: 16408570

I would just like to add a few thoughts of my own to this:

In your setup, there seem to be two routes for an attacker into your computer:
1. Physical. If the intruder knows what they are doing and has about 30 minutes maximum (2 minutes in most cases) unattended with your computer, they are in, with full access to all your files. There is no way to stop this apart from encrypting the entire contents of the drive with a strong encryption algorithm, and a password that is not easy to guess (A good rule of thumb is that if it's in the dictionary or a book of names, it's not so much a password as a false sense of security).
2. Network. Despite your initial claim, you are networked to at least one other computer, which in turn could be used to gain unauthorised access to your own (only while it is on, mind :D). If you are using a Windows PC without a firewall, at the same time, it is no wonder. Install a firewall (off the top of the head, I'd suggest ZoneAlarm off zonealarm.com as a free solution), and learn how to use it. However, I believe it is very possible you have already been compromised, and in this case, you can no longer trust your computer to be secure, almost no matter what you do. The only solution for this is a format, and reinstall, and get it all protected again before you connect to any network. Do not think that just a few seconds won't hurt - I heard an unprotected Windows PC on the internet averages 15 minutes before it is compromised on the internet, and that was quite a while back. This other PC could also have a worm, which will infect you the second you connect.

As a paranoid person, if it were me:
Format.
Reinstall and secure the computer, without any connection to another computer/wireless device. Change all the passwords, and use a never before used, and secure password.
Encrypt the contents of the hard drive using your favourite solution.
Run as a user account for everyday tasks, as 99.9% of times this will save you from viruses/spyware, etc.

 

by: gw252 Posted on 2006-04-15 at 10:17:44 ID: 16461021

Thank you. Even though I did not get any direct solutions for my problem, I learned some insights.
