Solved

intruder

Posted on 2006-04-04
11
Medium Priority
372 Views
Last Modified: 2010-04-11
I don't want to sound paranoid but I am annoyed. I have a stand-alone system at work. The only connection I have is a phone line for my dial-up. Somehow, every day I turn on my system and have a feeling that someone got into my system and either copied my working files or messed up my data files. Here and there I found some files that were not initiated by me, in webpage format, even with an address of ftp. Some of my reports were incorrect because the data had switched places. I put a password in the BIOS. My Windows XP does not have the guest account turned on. I am the only one who has the passwords. Once I encrypted a file containing all my passwords. A month later I could not open it because that file had a different user id (???). I could not even delete it. A few months later I was able to delete it. I have changed most of my passwords since then. I can't physically lock up my office. Can anyone give me some hints about the intruder? I know he/she was in my system. I know he/she messed up my files. I got blamed for my reports being full of wrong data. We have a wireless network, but my second computer is connected to the server by local LAN. My second system connects with my main system through a USB bridge. Most of all, I am not on friendly terms with my IT manager. Thanks in advance for saving me a trip to a mind doctor.
0
Comment
Question by:gw252
11 Comments
 
LVL 44

Expert Comment

by:zephyr_hex (Megan)
ID: 16377881
you might have a keylogger installed on your computer.
i suggest running a scan for malware.

start with hijackthis.   http://www.majorgeeks.com/download3155.html   it will produce a log.  you can then run the log through the analyzer at http://www.hijackthis.de
the analyzer will produce a report.  at the end of the report is an option to save the report.  save it and post a link to saved report here.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16388406
Umm I am a bit confused.  How many systems do you have at work?

You state that you have a stand-alone system with only a phone line.  Then you state you have a second system that is not only LAN attached, but is attached to your primary computer via USB.  If the "primary" system is the standalone system, then it is NOT stand-alone.  It is possible to connect to it from the LAN going through the second computer using the USB connection.

As this is a work computer my guess is that it was set up by your IT group and they most likely will have a userid and account on it that has local admin authority.
0
 

Author Comment

by:gw252
ID: 16388666
Let me make it a little bit clearer.

1  My first computer links to my second computer just to exchange files and share a printer between them. And I set it up and linked them. I have the administrator password. There is no network connection on this except the USBs (1 for files, 2 for printer).

2  My second computer is connected to a local network. This was set up by the IT manager and he probably has a user id and account on it. I don't have the administrator password.

Hope you can figure it out for me.

Thanks
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16388751
Umm, go back and re-read what you just wrote.  Then take a deep breath.

"There is no network connection on this except ...." That means there IS a network connection.  

"...just to exchange files ..."  I will assume then that at least one of the computers, most likely your "first" computer, is set up as a file server, and so your second computer has a drive that is mapped to your first computer.

You do realize that if the second computer can get to files on the first computer then by logging on to the second computer they can gain access to files on the first one.

Now, if your first computer is a company computer, then unless there is a special case/situation, your IT department should have access to it.  If your first computer is your personal computer, then there is a good chance you are breaking a company policy.  Most companies have policies against using personal computers at work, especially connecting them to the network, and your first computer IS indirectly connected to the network.

If the first computer is a company authorized computer and you have admin rights, then enable auditing for logons, both failures and successes.  Then check the event log to see who is signing on.  If the first computer is not company authorized, then I would check company policy.
0
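The review step giltjr describes (enable logon auditing, then read the Security event log to see who is signing on), as an added example that is not part of the original thread. The CSV column layout, the account names and the working hours are assumptions made for illustration; 528, 529 and 540 are the Windows XP-era Security log event IDs for logon success, logon failure and network logon.

```python
import csv
import io
from datetime import datetime, time

# Windows XP-era Security log event IDs written when logon auditing is enabled.
LOGON_EVENTS = {528: "logon success", 529: "logon failure", 540: "network logon"}
NETWORK_LOGON_TYPE = 3   # logon type 2 = interactive (at the keyboard), 3 = network

# Assumptions for this example: the owner's account name and normal working hours.
OWNER = "gw"
WORK_START, WORK_END = time(8, 0), time(18, 0)

# Constructed sample export (not a real log); the column layout is hypothetical.
SAMPLE = """timestamp,event_id,user,logon_type,workstation
2006-04-03 08:55:10,528,gw,2,PC1
2006-04-03 21:14:02,529,Administrator,3,PC2
2006-04-03 21:14:40,540,itadmin,3,PC2
2006-04-04 02:30:00,528,gw,2,PC1
2006-04-04 09:01:33,528,gw,2,PC1
2006-04-04 10:00:00,560,gw,,PC1
"""

def review_logons(export_text):
    """Return (timestamp, user, reasons) for each logon record worth a second look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        event_id = int(row["event_id"])
        if event_id not in LOGON_EVENTS:
            continue                       # not a logon audit record
        when = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if event_id == 529:
            reasons.append("failed logon")
        if row["logon_type"] and int(row["logon_type"]) == NETWORK_LOGON_TYPE:
            reasons.append("network logon from " + row["workstation"])
        if row["user"].lower() != OWNER:
            reasons.append("account other than owner")
        if not (WORK_START <= when.time() <= WORK_END):
            reasons.append("outside working hours")
        if reasons:
            findings.append((row["timestamp"], row["user"], reasons))
    return findings

if __name__ == "__main__":
    for ts, user, reasons in review_logons(SAMPLE):
        print(ts, user, "; ".join(reasons))
```

An interactive logon under the owner's own account at a time the owner was not present points at physical access or a known password; a network logon points at the path through the second computer.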
 
LVL 13

Expert Comment

by:hstiles
ID: 16392635
BIOS password - is that a power-on password or just a password for access to the BIOS?  If the former, and no one else knows it, and you've powered the machine off before going home and come in the following morning and power it back on and are prompted for the power-on password, then you are indeed delusional and should seek medical help.
0
 

Author Comment

by:gw252
ID: 16397424
Hstiles,
When I turn the power on:
 1  I need to enter a password to get Windows to start
 2  Then Windows starts and I enter the user's password ...

Not yet but thanks for the comment.
0
 

Author Comment

by:gw252
ID: 16397464
giltjr,

You have a point there. Have you heard of USB link? If both computers have that software on, then I can move files from one to another. If they do not have the linking software on, can someone still go to my first computer via the second one? That is what I am trying to find out.

Thanks
0
 
LVL 5

Expert Comment

by:speak2ab
ID: 16398096
<<If they are not on linking software  can  someone still go to my first computer via the second one?That is what I am trying to find out.>>
Gw252, without the 2 computers connected no one can remotely access them. So rest assured in that case. The only way of accessing such a PC is by personally logging into the PC, and that is via your password. I guess you will want to verify how safe your passwords are. If the PC is on a network then it can be accessed, especially when you are not the net admin of the network.

I hope that answers your question.

All the best

AB
0
 
LVL 57

Accepted Solution

by:
giltjr earned 195 total points
ID: 16400050
O.K.  From a technical standpoint:  If you can log on to Computer #2 ("the networked computer") and see files in any way, shape or form on Computer #1 ("the standalone computer"), then ANYBODY can log on to Computer #2 and see the same files as you can.  PERIOD.

speak2ab, if you read the previous posts he basically has:

    LAN <-----> Computer #2 <-- USB --> Computer #1

He believes that Computer #1 is isolated because it does not have a "network" connection.  

Gw252, what you have to realize is that the USB cable is providing some level of a network connection.  Again, if you can do something to transfer files between your two computers, then anybody can.  Some USB network connections make it look just like a normal everyday LAN connection that supports IP connectivity for anything you can do over an Ethernet connection.

So from a technical point of view it is 100% possible.  Now whether it is possible in your specific situation depends on how you have logically set it up.  There are ways that you could have it set up so that it is highly unlikely that somebody could use Computer #2 to get to Computer #1.

0
 
LVL 1

Assisted Solution

by:bloodrazor
bloodrazor earned 180 total points
ID: 16408570
I would just like to add a few thoughts of my own to this:

In your setup, there seems to be two routes for an attacker into your computer:
1. Physical. If the intruder knows what they are doing and has about 30 minutes maximum (2 minutes in most cases) unattended with your computer, they are in, with full access to all your files. There is no way to stop this apart from encrypting the entire contents of the drive with a strong encryption algorithm, and a password that is not easy to guess (A good rule of thumb is that if it's in the dictionary or a book of names, it's not so much a password as a false sense of security).
2. Network. Despite your initial claim, you are networked to at least one other computer, which in turn could be used to gain unauthorised access to your own (only while it is on, mind :D). If you are using a Windows PC without a firewall, at the same time, it is no wonder. Install a firewall (off the top of my head, I'd suggest ZoneAlarm from zonealarm.com as a free solution), and learn how to use it. However, I believe it is very possible you have already been compromised, and in this case, you can no longer trust your computer to be secure, almost no matter what you do. The only solution for this is a format and reinstall, and to get it all protected again before you connect to any network. Do not think that just a few seconds won't hurt - I heard an unprotected Windows PC on the internet averages 15 minutes before it is compromised, and that was quite a while back. This other PC could also have a worm, which will infect you the second you connect.

As a paranoid person, if it were me:
Format.
Reinstall and secure the computer, without any connection to another computer/wireless device. Change all the passwords, and use a never before used, and secure password.
Encrypt the contents of the hard drive using your favourite solution.
Run as a user account for everyday tasks, as 99.9% of the time this will save you from viruses/spyware, etc.
0
 

Author Comment

by:gw252
ID: 16461021
Thank you. Even though I did not get any direct solutions for my problem, I learned some insights.
0

Question has a verified solution.