intruder

I don't want to sound paranoid but I am annoyed. I have a stand-alone system at work. The only connection I have is a phone line for my dial-up. Somehow, every day I turn on my system and have a feeling that someone got in my system and either copied my working files or messed up my data files. Here and there I found some files that were not initiated by me, in webpage format, even with an address of ftp. Some of my reports were incorrect because the data had switched places. I put a password in the BIOS. My Windows XP does not have the guest account turned on. I am the only one who has the passwords. Once I encrypted a file containing all my passwords. A month later I could not open it because that file had a different user id (???). I could not even delete it. A few months later I was able to delete it. I changed most of my passwords since then. I can't physically lock up my office. Can anyone give me some hints about the intruder? I know he/she was in my system. I know he/she messed up my files. I got blamed for my reports being full of wrong data. We have a wireless network but my second computer is connected with the server by local LAN. My second system connects with my main system through a USB bridge. Most of all, I am not on friendly terms with my IT manager. Thanks in advance for saving me a trip to a mind doctor.
gw252Asked:
zephyr_hex (Megan)DeveloperCommented:
You might have a keylogger installed on your computer.
I suggest running a scan for malware.

Start with HijackThis: http://www.majorgeeks.com/download3155.html It will produce a log. You can then run the log through the analyzer at http://www.hijackthis.de
The analyzer will produce a report. At the end of the report is an option to save the report. Save it and post a link to the saved report here.
0
giltjrCommented:
Umm I am a bit confused.  How many systems do you have at work?

You state that you have a stand alone system with only a phone line.  Then you state you have a second system that is not only LAN attached, but is attached to your primary computer via USB.  If the "primary" system is the standalone system, then it is NOT stand alone.  It is possible to connect to it from the LAN going through second computer using the USB connection.

As this is a work computer, my guess is that it was set up by your IT group and they most likely will have a userid and account on it that has local admin authority.
0
gw252Author Commented:
Let me make it a little bit clearer.

1  My first computer links to my second computer just to exchange files and share a printer between them. And I set it up and linked them. I have the administrator password. There is no network connection on this except the USBs (1 for files, 2 for printer).

2  My second computer is connected to a local network. This was set up by the IT mgr and he probably has a user id and account on this. I don't have the administrator password.

Hope you can figure it out for me.

Thanks
0
giltjrCommented:
Umm, go back and re-read what you just wrote.  Then take a deep breath.

"There is no network connection on this except ...." That means there IS a network connection.  

"...just to exchange files ..."  I will assume then that at least one of the computers, most likely your "first" computer, is set up as a file server, and so your second computer has a drive that is mapped to your first computer.

You do realize that if the second computer can get to files on the first computer then by logging on to the second computer they can gain access to files on the first one.

Now, if your first computer is a company computer, then unless there is a special case/situation, your IT department should have access to it.  If your first computer is your personal computer, then there is a good chance you are breaking a company policy.  Most companies have policies against using personal computers at work, especially connecting them to the network, and your first computer IS indirectly connected to the network.

If the first computer is a company authorized computer and you have admin rights, then enable auditing for logons, both failures and successes.  Then check the event log to see who is signing on.  If the first computer is not company authorized, then I would check company policy.
0
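The logon-audit review giltjr describes, as an added example that is not part of the original thread: it flags Security-log logon records that failed, arrived over the network, used another account, or fell outside working hours. The CSV layout, the machine names PC1/PC2 and the sample rows are constructed for illustration; event IDs 528/529/540 are the Windows XP-era logon events.

```python
import csv
import io
from datetime import datetime

# Constructed sample: Security-log records exported to CSV. The column layout
# and all values are assumptions of this example, not output of a Windows tool.
SAMPLE_EXPORT = """\
timestamp,event_id,logon_type,user,source
2006-03-06 08:55:12,528,2,gw252,PC1
2006-03-06 17:31:40,538,2,gw252,PC1
2006-03-06 21:14:03,529,3,Administrator,PC2
2006-03-06 21:14:20,540,3,Administrator,PC2
2006-03-07 02:40:51,528,2,gw252,PC1
2006-03-07 09:01:07,528,2,gw252,PC1
"""

# XP/2003 Security events: 528 logon, 540 network logon, 529 failed logon.
LOGON_EVENTS = {528, 529, 540}
FAILED_LOGON = 529
NETWORK_LOGON_TYPES = {3, 10}  # 3 = network (e.g. file share), 10 = remote interactive

def review_logons(export_text, owner, work_start=8, work_end=18):
    """Return (timestamp, user, reasons) for every logon record worth a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        event_id = int(row["event_id"])
        if event_id not in LOGON_EVENTS:
            continue  # skip logoffs (538) and anything unrelated
        when = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if event_id == FAILED_LOGON:
            reasons.append("failed logon")
        if int(row["logon_type"]) in NETWORK_LOGON_TYPES:
            reasons.append("came over the network from " + row["source"])
        if row["user"].lower() != owner.lower():
            reasons.append("account is not the owner's")
        if not (work_start <= when.hour < work_end):
            reasons.append("outside working hours")
        if reasons:
            findings.append((row["timestamp"], row["user"], "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for stamp, user, why in review_logons(SAMPLE_EXPORT, owner="gw252"):
        print(stamp, user, "->", why)
```
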
hstilesCommented:
BIOS password - is that a power-on password or just a password for access to the BIOS?  If the former, and no one else knows it, and you've powered the machine off before going home and come in the following morning and power it back on and are prompted for the power-on password, then you are indeed delusional and should seek medical help.
0
gw252Author Commented:
Hstiles,
When I turn the power on:
 1  I need to enter a password to get Windows to start
 2  And Windows starts and I enter the user's password ...

Not yet but thanks for the comment.
0
gw252Author Commented:
giltjr,

You have a point there. Have you heard of USB link? If both computers have that software on, then I can move files from one to another. If they are not on the linking software, can someone still go to my first computer via the second one? That is what I am trying to find out.

Thanks
0
speak2abCommented:
<<If they are not on the linking software, can someone still go to my first computer via the second one? That is what I am trying to find out.>>
Gw252, without the 2 computers connected no one can remotely access them. So rest assured in that case. The only way of accessing such a PC is by personally logging into the PC, and that is via your password. I guess you will want to verify how safe your passwords are. If the PC is on a network then it can be accessed, especially when you are not the net admin of the network.

I hope that answers your question.

All the best

AB
0
giltjrCommented:
O.K.  From a technical standpoint:  If you can log on to Computer #2 ("the networked computer") and see files in any way, shape or form on Computer #1 ("the standalone computer"), then ANYBODY can log on to Computer #2 and see the same files as you can.  PERIOD.

speak2ab, if you read the previous posts he basically has:

    LAN <-----> Computer #2 <-- USB --> Computer #1

He believes that Computer #1 is isolated because it does not have a "network" connection.

Gw252, what you have to realize is that the USB cable is providing some level of a network connection.  Again, if you can do something to transfer files between your two computers, then anybody can.  Some USB network connections make it look just like a normal everyday LAN connection that supports IP connectivity for anything you can do over an Ethernet connection.

So from a technical point of view it is 100% possible.  Now, whether it is possible in your specific situation depends on how you have logically set it up.  There are ways that you could have it set up so that it is highly unlikely that somebody could use Computer #2 to get to Computer #1.

0
bloodrazorCommented:
I would just like to add a few thoughts of my own to this:

In your setup, there seem to be two routes for an attacker into your computer:
1. Physical. If the intruder knows what they are doing and has about 30 minutes maximum (2 minutes in most cases) unattended with your computer, they are in, with full access to all your files. There is no way to stop this apart from encrypting the entire contents of the drive with a strong encryption algorithm, and a password that is not easy to guess (a good rule of thumb is that if it's in the dictionary or a book of names, it's not so much a password as a false sense of security).
2. Network. Despite your initial claim, you are networked to at least one other computer, which in turn could be used to gain unauthorised access to your own (only while it is on, mind :D). If you are using a Windows PC without a firewall at the same time, it is no wonder. Install a firewall (off the top of my head, I'd suggest ZoneAlarm off zonealarm.com as a free solution), and learn how to use it. However, I believe it is very possible you have already been compromised, and in this case, you can no longer trust your computer to be secure, almost no matter what you do. The only solution for this is a format and reinstall, and to get it all protected again before you connect to any network. Do not think that just a few seconds won't hurt - I heard an unprotected Windows PC on the internet averages 15 minutes before it is compromised on the internet, and that was quite a while back. This other PC could also have a worm, which will infect you the second you connect.

As a paranoid person, if it were me:
Format.
Reinstall and secure the computer, without any connection to another computer/wireless device. Change all the passwords, and use a never before used, and secure password.
Encrypt the contents of the hard drive using your favourite solution.
Run as a user account for everyday tasks, as 99.9% of the time this will save you from viruses/spyware, etc.
0
gw252Author Commented:
Thank you. Even though I did not get any direct solutions for my problem, I learned some insights.
0