daniels48 asked:

A Blank message? How?

Ok, we have a situation where I work. Our HR person received an inappropriate picture from someone over here in Iraq. The person in question has his company laptop in his room. I checked his last sent message last night and the last one sent was at 9:43pm. Now looking at his Deleted folder there is a blank message in there, at least two. The strange thing is that the HR person sees the time stamp at 12:20am, and that was the time stamp on this blank message.

I asked the person and he says he saw this message in his inbox this morning, saw it was blank and deleted it. Ok, he had asked me to look at his Outlook this AM before all the stink. This AM he says he can't see the From line on the view screen when Outlook first comes up, but I figured that problem out; first time I have really seen it. Somehow in the reading pane the From column was at the far right; dragging it back to the left brought it back into view.

My question: has anyone ever seen a completely blank message with just a time stamp? Is it possible for someone to send him an email that could possibly resend a message without recording it?

This man is 60 years old and would not have ever sent a picture like that, and also he is not very computer literate. Also note he had to fire an IT tech from over here about 2 months ago, and this guy was a programmer.

Thanks
DK

ASKER CERTIFIED SOLUTION
Shaun84

ECNSSMT

addressing the conspiracy theory first; let's not jump to conclusions point fingers (although the scenario is a possibility) and completely miss the boat that at worst there may possibly be a security breach here. At best it's an incident of unusual SPAMming.

Just in case it's a virus or trojan, scan the laptop with any AV product. See if the user has any attachments with code embedded in them.

Have the user change his password, just in case someone knows his password; and the password should be changed to something that can't be discovered with a dictionary attack.

If you think that this programmer knows any passwords that can gain him entry to your system as an admin or even a normal user, change them. As a matter of fact, if you didn't implement a password expiration scheme for the company, this may be a good opportunity to do it.

Can't think of anything else off the top of my head, but the general idea is you want to outline your threat scenario and take steps to stop any further incursions...  It is going to be backtracking the breach....

Regards,
war1
Greetings, daniels48 !

This sounds like the fired programmer has put a trojan virus or rootkit in the computer. You can reinstall the operating system or try to look for the trojan. Check for viruses and adware:

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Kaspersky Virus Scan
http://www.kaspersky.com/virusscanner

Spy Sweeper
http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10405877.html
or
Ewido
http://www.ewido.net/en/
or
SpyBot S&D searches your hard disk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/

If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.


Best wishes!
sheesh, gotta read before I press Submit...

I meant

addressing the conspiracy theory first; let's not jump to conclusions by pointing fingers... ugh...
daniels48,

Check for Rootkit
Rootkit Revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
or
F-Secure Blacklight
http://www.f-secure.com/blacklight/try.shtml
It could be spam (I thought that as well), but reading the post:
There was a sent message from someone's machine at the same time someone else received it. This opens the possibility that on the person's PC that sent the email there could be a viral infection or security hole.
I would remove the machine from the network (in case there is a virus and it spreads through the network) and run a full virus scan.
daniels48, any update?
daniels48 (ASKER)

Well, we just found that, although the message wasn't sent by the user's machine, I logged onto his account and there was the sent message in question, and there were about 50 sent messages, so it looks like someone had his email password, so I changed it, and I am still looking for another blank message to try and expand the headers. I ran the rootkit scanner and found nothing. I had found another blank message on the web access and opened it, and all kinds of activity was happening on the lower left of my screen; I went to my email just to compare and I see nothing happening below when opening an email online. The user deleted it before I could grab it and expand the headers. Sheesh! Thanks everyone for your help... I ran about four anti-virus programs and see nothing; also HijackThis didn't show anything that I could tell. Like I said, I finally got the user to leave his mail alone so I can still see if I can capture one of the blank messages before I give him a new email address.


DK
Closing this trouble; haven't seen any more blank messages and the home office has all the information. Hope they try and pursue it, although I'm not sure if they can find an IP that it was logged into when whoever it was that did this.


Thanks for everyone's help
DK
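The asker's remaining problem is expanding the headers of a blank message to see which machine actually injected it into the mail system, and whether an IP can be recovered from it. As an added example (not code from this thread, from Outlook, or from any of the tools listed above), here is a small Python parser that walks the Received: chain of a raw message and reports each hop oldest-first, plus a check for a truly blank message. The sample message is constructed; its hosts, addresses and IPs are placeholders, not values from the thread.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a subject-less, body-less message with a fabricated
# Received chain. Hosts, addresses and IPs are placeholders (RFC 5737 ranges).
RAW_MESSAGE = """\
Received: from mailhost.example.org (mailhost.example.org [192.0.2.10])
\tby mx.example.net with ESMTP id abc123; Tue, 7 Mar 2006 00:20:14 +0300
Received: from [198.51.100.77] (unknown [198.51.100.77])
\tby mailhost.example.org with HTTP; Tue, 7 Mar 2006 00:19:58 +0300
From: user@example.org
To: hr@example.org
Subject:
Date: Tue, 7 Mar 2006 00:19:55 +0300
Message-ID: <placeholder@example.org>

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_chain(raw):
    """Return hops oldest-first as (reported_from, ip, timestamp) tuples.

    Each mail server prepends its own Received header, so the last one in
    the message is the earliest hop: the client that handed the mail in."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        hdr = " ".join(hdr.split())            # unfold continuation lines
        route, _, stamp = hdr.rpartition(";")  # timestamp follows the last ';'
        frm = re.search(r"from (\S+)", route)
        ip = IP_RE.search(route)
        hops.append((frm.group(1) if frm else None,
                     ip.group(1) if ip else None,
                     parsedate_to_datetime(stamp.strip())))
    return hops


def is_blank(raw):
    """True when the message has no subject text and an empty body."""
    msg = message_from_string(raw)
    return not msg.get("Subject", "").strip() and not msg.get_payload().strip()


def origin_ip(raw):
    """IP recorded at the earliest hop, i.e. where the message entered the mail system."""
    hops = received_chain(raw)
    return hops[0][1] if hops else None
```

Only the Received lines added by servers you administer are trustworthy; anything below the first of those was written by the sender's side and can be forged, so the useful evidence is the client IP your own server recorded (here the HTTP/webmail hop).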