Posted on 2006-04-04
Last Modified: 2010-04-11
I don't want to sound paranoid but I am annoyed. I have a stand alone system at work. The only connection I have is a phone line for my dial-up. Somehow, everyday i turn on my system and have a feeling that someone got in my system either copied my working files or messed up my data files. Here and there I found some files that were not initiated by me in webpage format event with an address of ftp. Some of my reports were incorrected because the data were switched places. I put a password in bios. My windows xp does not have guess account turned on. I am the only one has the passwords. Once I encrypted a file contends all my passwords. A month later I could not open because that file had a different user id (???) . I could not even delete it . Few months later I was able to delete it. I changed most of my passwords since then. I can't physical lock up my office. Can anyone gives me some hints about the intruder? I know  he/she was in my system.I know he/she mess up my files. I got blames of my reports full of wrong data. We have a wireless network but my second computer connected with the server by local lan. My second system connects with my main system through a usb bridge. Most of all I am not in a friendly term with my IT manager. Thank in advance for save me a trip to a mind doctor.
Question by:gw252
    LVL 42

    Expert Comment

    you might have a keylogger installed on your computer.
    i suggest running a scan for malware.

    start with hijackthis.   it will produce a log.  you can then run the log through the analyzer at
    the analyzer will produce a report.  at the end of the report is an option to save the report.  save it and post a link to saved report here.
    LVL 57

    Expert Comment

    Umm I am a bit confused.  How many systems do you have at work?

    You state that you have a stand alone system with only a phone line.  Then you state you have a second system that is not only LAN attached, but is attached to your primary computer via USB.  If the "primary" system is the standalone system, then it is NOT stand alone.  It is possible to connect to it from the LAN going through second computer using the USB connection.

    As this is a work comptuer my guess is that it was setup by your IT group and they most likely will have a userid and account on it that has local admin authority.

    Author Comment

    Let me make it a little bit clearer.

    1  My first computer links to my second computer just to exchange files and share a printer between them.And I set it up and linked them.I have administrator password. There is no network connection on this except the usb's ( 1 for files , 2 for printer)

    2  My second computer is connected to  a local network. This was set up by IT mgr and he probably has user id and account on this .I don't have administrator password.

    Hope you can figure it out for me.

    LVL 57

    Expert Comment

    Umm, go back and re-read what you just wrote.  Then take a deep breath.

    "There is no network connection on this except ...." That means there IS a network connection.  

    "...just to exchange files ..."  I will assume then that at least one of the computers, most likely your "first" computer, is setup as a file server, and so your second computer has a drive that is mapped to your first computer.

    You do realize that if the second computer can get to files on the first computer then by logging on to the second computer they can gain access to files on the first one.

    Now, if your first computer is a company computer, then unless there is a special case/situation, your IT department should have access to it.  If your first comptuer is your personal computer, then there is a good chance you are breaking a company policy.  Most companies have policies against using personal computer at work, especially connecting them to the network and your first computer IS indirectly connected to the network.

    If the first computer is a company authorized comptuer and you have admin right, then enable auditing for logons, both failed and successes.  Then check the event log to see who is signing on.  If the first computer is not company authorized, then I would check company policy.
    LVL 13

    Expert Comment

    BIOS password - is that power-on password or just a password for access to the BIOS?  If the former, and no one else knows it, and you've powered the machine off before going home and come in the following morning and power it back on and are prompted for the power on password, then you are indeed delusion and should seek medical help.

    Author Comment

    When I turn the power on
     1  I need to enter a  password to get the windows starts
     2  And the windows starts and I enter user's password ...

    Not yet but thanks for the comment.

    Author Comment


    You have a point there. Have you heard of usb link? If both computers have that software on then I can move files from one to another.If they are not on linking software  can  someone still go to my first computer via the second one?That is what I am trying to find out.

    LVL 5

    Expert Comment

    <<If they are not on linking software  can  someone still go to my first computer via the second one?That is what I am trying to find out.>>
    Gw252 without 2 computers connected no one can remotely access them. So be rest assured in that case . The only way of accesing such a pc is by personally logging into the PC and that is via your password. I guess you will want to verify how safe your paswords are. If the PC is on a network then it can be accessed especially when you are not the net Admin of the network.

    I hope that answers your question.

    All the best

    LVL 57

    Accepted Solution

    O.K.  From a technical standpoint:  If you can logon to Comptuer #2 ("the networked comptuer") and see files in any way shape or form on Computer #1 ("the standalone comptuer"), then ANYBODY can logon to Comptuer #2 and see the same files as you can.  PERIOD.

    speak2ab, if you read the previous posts he basically has:

        LAN <-----> Comptuer #2 <-- USB --> Computer #1

    He beleives that Comptuer #1 is isolated because it does not have a "network" connection.  

    Gw252, what you have to realize is that the USB cable is providing some level of a network connection.  Again, if you can do something to transfer files between your two comptuers, then anybody can.  Some USB network connection make it look just like a normal every day LAN connection that supports IP connectivity for anything you can do over a Ethernet connection.

    So from a technical point of view it is 100% possible.  Now if it is possible in your specific situation depends on how you have logically set it up.  There are ways that you could have it setup so that it is highly unlikely that somebody could use computer#2 to to get computer #1.

    LVL 1

    Assisted Solution

    I would just like to add a few thoughts of my own to this:

    In your setup, there seems to be two routes for an attacker into your computer:
    1. Physical. If the intruder knows what they are doing and has about 30 minutes maximum (2 minutes in most cases) unattended with your computer, they are in, with full access to all your files. There is no way to stop this apart from encrypting the entire contents of the drive with a strong encryption algorithm, and a password that is not easy to guess (A good rule of thumb is that if it's in the dictionary or a book of names, it's not so much a password as a false sense of security).
    2. Network. Despite your initial claim, you are networked to at least one other computer, which in turn could be used to gain unauthorised access to your own (only while it is on, mind :D). If you are using a Windows PC without a firewall, at the same time, it is no wonder. Install a firewall (off the top of the head, i'd suggest ZoneAlarm off as a free solution), and learn how to use it. However, i believe it is very possible you have already been compromised, and in this case, you can no longer trust your computer to be secure, almost no matter what you do. The only solution for this is a format, and reinstall, and get it all protected again before you connect to any network. Do not think that just a few seconds won't hurt - i heard an unprotected Windows PC on the internet averages 15 minutes before it is compromised on the internet, and that was quite a while back. This other PC could also have a worm, which will infect you the second you connect.

    As a paranoid person, if it were me:
    Reinstall and secure the computer, without any connection to another computer/wireless device. Change all the passwords, and use a never before used, and secure password.
    Encrypt the contents of the hard drive using your favourite solution.
    Run as a user account for everday tasks, as 99.9% of times this will save you from virii/spyware, etc.

    Author Comment

    Thank you. Even I did not get any direct solutions for my problem but I learned some insights.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now