gw252
asked on
intruder
I don't want to sound paranoid but I am annoyed. I have a stand alone system at work. The only connection I have is a phone line for my dial-up. Somehow, everyday i turn on my system and have a feeling that someone got in my system either copied my working files or messed up my data files. Here and there I found some files that were not initiated by me in webpage format event with an address of ftp. Some of my reports were incorrected because the data were switched places. I put a password in bios. My windows xp does not have guess account turned on. I am the only one has the passwords. Once I encrypted a file contends all my passwords. A month later I could not open because that file had a different user id (???) . I could not even delete it . Few months later I was able to delete it. I changed most of my passwords since then. I can't physical lock up my office. Can anyone gives me some hints about the intruder? I know he/she was in my system.I know he/she mess up my files. I got blames of my reports full of wrong data. We have a wireless network but my second computer connected with the server by local lan. My second system connects with my main system through a usb bridge. Most of all I am not in a friendly term with my IT manager. Thank in advance for save me a trip to a mind doctor.
Umm I am a bit confused. How many systems do you have at work?
You state that you have a stand alone system with only a phone line. Then you state you have a second system that is not only LAN attached, but is attached to your primary computer via USB. If the "primary" system is the standalone system, then it is NOT stand alone. It is possible to connect to it from the LAN going through second computer using the USB connection.
As this is a work comptuer my guess is that it was setup by your IT group and they most likely will have a userid and account on it that has local admin authority.
You state that you have a stand alone system with only a phone line. Then you state you have a second system that is not only LAN attached, but is attached to your primary computer via USB. If the "primary" system is the standalone system, then it is NOT stand alone. It is possible to connect to it from the LAN going through second computer using the USB connection.
As this is a work comptuer my guess is that it was setup by your IT group and they most likely will have a userid and account on it that has local admin authority.
ASKER
Let me make it a little bit clearer.
1 My first computer links to my second computer just to exchange files and share a printer between them.And I set it up and linked them.I have administrator password. There is no network connection on this except the usb's ( 1 for files , 2 for printer)
2 My second computer is connected to a local network. This was set up by IT mgr and he probably has user id and account on this .I don't have administrator password.
Hope you can figure it out for me.
Thanks
1 My first computer links to my second computer just to exchange files and share a printer between them.And I set it up and linked them.I have administrator password. There is no network connection on this except the usb's ( 1 for files , 2 for printer)
2 My second computer is connected to a local network. This was set up by IT mgr and he probably has user id and account on this .I don't have administrator password.
Hope you can figure it out for me.
Thanks
Umm, go back and re-read what you just wrote. Then take a deep breath.
"There is no network connection on this except ...." That means there IS a network connection.
"...just to exchange files ..." I will assume then that at least one of the computers, most likely your "first" computer, is setup as a file server, and so your second computer has a drive that is mapped to your first computer.
You do realize that if the second computer can get to files on the first computer then by logging on to the second computer they can gain access to files on the first one.
Now, if your first computer is a company computer, then unless there is a special case/situation, your IT department should have access to it. If your first comptuer is your personal computer, then there is a good chance you are breaking a company policy. Most companies have policies against using personal computer at work, especially connecting them to the network and your first computer IS indirectly connected to the network.
If the first computer is a company authorized comptuer and you have admin right, then enable auditing for logons, both failed and successes. Then check the event log to see who is signing on. If the first computer is not company authorized, then I would check company policy.
"There is no network connection on this except ...." That means there IS a network connection.
"...just to exchange files ..." I will assume then that at least one of the computers, most likely your "first" computer, is setup as a file server, and so your second computer has a drive that is mapped to your first computer.
You do realize that if the second computer can get to files on the first computer then by logging on to the second computer they can gain access to files on the first one.
Now, if your first computer is a company computer, then unless there is a special case/situation, your IT department should have access to it. If your first comptuer is your personal computer, then there is a good chance you are breaking a company policy. Most companies have policies against using personal computer at work, especially connecting them to the network and your first computer IS indirectly connected to the network.
If the first computer is a company authorized comptuer and you have admin right, then enable auditing for logons, both failed and successes. Then check the event log to see who is signing on. If the first computer is not company authorized, then I would check company policy.
BIOS password - is that power-on password or just a password for access to the BIOS? If the former, and no one else knows it, and you've powered the machine off before going home and come in the following morning and power it back on and are prompted for the power on password, then you are indeed delusion and should seek medical help.
ASKER
Hstiles,
When I turn the power on
1 I need to enter a password to get the windows starts
2 And the windows starts and I enter user's password ...
Not yet but thanks for the comment.
When I turn the power on
1 I need to enter a password to get the windows starts
2 And the windows starts and I enter user's password ...
Not yet but thanks for the comment.
ASKER
giltjr,
You have a point there. Have you heard of usb link? If both computers have that software on then I can move files from one to another.If they are not on linking software can someone still go to my first computer via the second one?That is what I am trying to find out.
Thanks
You have a point there. Have you heard of usb link? If both computers have that software on then I can move files from one to another.If they are not on linking software can someone still go to my first computer via the second one?That is what I am trying to find out.
Thanks
<<If they are not on linking software can someone still go to my first computer via the second one?That is what I am trying to find out.>>
Gw252 without 2 computers connected no one can remotely access them. So be rest assured in that case . The only way of accesing such a pc is by personally logging into the PC and that is via your password. I guess you will want to verify how safe your paswords are. If the PC is on a network then it can be accessed especially when you are not the net Admin of the network.
I hope that answers your question.
All the best
AB
Gw252 without 2 computers connected no one can remotely access them. So be rest assured in that case . The only way of accesing such a pc is by personally logging into the PC and that is via your password. I guess you will want to verify how safe your paswords are. If the PC is on a network then it can be accessed especially when you are not the net Admin of the network.
I hope that answers your question.
All the best
AB
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. Even I did not get any direct solutions for my problem but I learned some insights.
i suggest running a scan for malware.
start with hijackthis. http://www.majorgeeks.com/download3155.html it will produce a log. you can then run the log through the analyzer at http://www.hijackthis.de
the analyzer will produce a report. at the end of the report is an option to save the report. save it and post a link to saved report here.