?
Solved

Workplace Porn Monitoring Software Info

Posted on 2008-10-20
16
Medium Priority
?
1,155 Views
Last Modified: 2013-12-12
Please be gentle here, this is a serious question.

I work for a large financial company, and have a company laptop.
Recently - AT HOME I used my computer for personal web browsing - and out of pure stupidity- I clicked on a link on you tube that looked "interesting". anyway, after one click to the next to the next I ended up seeing you tube edited to avoid showing nudity video clips of titles containing "xxx", "boobs", you get the idea.
Since they don't show nudity I stupidly figured it's ok, then found out that some links - open up new websites which show full nudity and some xxx.
It was a stupid moment of indiscretion that turned into 2 hours of "curiousity".

Now am I fried?

I haven't yet docked my computer at work, I've decided to take personal vacation days until I can figure out what to do.
I can wipe my hard drive clean and reimage the computer, but is it already too late? Does the monitoring software identify bad words, images and on the spot remotely sent flags to a central server - or does it only scan when I'm attached to the work network?
How can I tell?
Any idea?
How can I even tell what they are using and what they could/have already flagged?
0
Comment
Question by:cgott42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
16 Comments
 
LVL 13

Expert Comment

by:Brum07
ID: 22758883
Did you use your own internet link?

If so then there should not be an issue as long as you clear the browser cache as most monitoring programs record the address when you actually request it not after but it does depend on the software used.

I would be very surprised if anything has been logged.

Hope this puts your mind at ease slightly.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22758925
Sounds to me like a job for:

http://www.ccleaner.com/


CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! :)

---

As long as they didn't install some monitoring software on your laptop that keeps it's own database this should do it.

---

Tolomir
0
 

Expert Comment

by:Cook77
ID: 22758939
If you can see that "intresting" content at home you aren't behind the corporate proxy! If its correct the IT guys can't see what you do at home over the Internet. But, if the IT guys installed a 'reporting' program on your laptop you has been caught. But anyway if I'm at you situation I clean the browser history and cache and cookies as well and think about a story by hoax mail what I got or whatever! :)

Good luck man!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:cgott42
ID: 22759074
Brum07:  I'm not clear on what you're asking.  re: my own internet link.  I just typed in www.youtube.com then a few clicks, and few search words, and clicks and boom.
Tolomir- thanks I will try that.

Cook77- I think you've hit it on the head.  This has me worried.  Is there a way to tell if they have installed "reporting" software that would have flagged my activity and sent a report that night from my pc to their server?

I don't think I have a story to make up - as I did type in search words to find more info on the models that I saw on the youtube page. i.e. It'd be worst if I was caught and then tried to lie - only to be caught in the lie.

Is there a way to detect if they have reporting software?
Now I'm even more worried.
0
 

Author Comment

by:cgott42
ID: 22759160
Tolomir- I just ran ccleaner.
now the question is how to find out if they have reporting software on my laptop.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22759352
hmmm

hijackthis scan and upload here

http://www.merijn.org/programs.php#hijackthis



0
 

Author Comment

by:cgott42
ID: 22759479
Tomomir:
I've attached the hijackthis.log file
hijackthis.log
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22761237
Ok this is the sort list.

There are enough tracking tools, but it seems to be performance related or windows log file collecting.

Nothing pr0n scanning though

[?] - C:\Program Files\Objective Software\EventMaster\EventMaster.exe
[?] - C:\Program Files\Objective Software\MessageMaster\MessageMasterRelay3.exe
[?] - C:\WINDOWS\TEMP\JGE888.EXE
[?] - C:\Program Files\ESI\WIPushUser.exe
[?] - C:\Program Files\ESI\ShutMon.exe
[?] - O4 - HKLM\..\Run: [PushUser] C:\Program Files\ESI\WIPushUser.exe 10 PushUser.lst
[?] - O4 - HKLM\..\Run: [ShutMon] C:\Program Files\ESI\ShutMon.exe
[?] - O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Aurilium Sound Agent 2\805cpl.exe
[?] - O4 - HKCU..PoliciesExplorerRun: [1] \endberm.netSysVolendberm.netscriptsLogonScr.exe /mode:AfterDesktop
[?] - O4 - HKCU\..\Policies\Explorer\Run: [2] C:\Program Files\ESI\LogonScrLocal.exe
[?] - O4 - S-1-5-18 Startup: Advanced Print Screen.lnk = ? (User 'SYSTEM')
[?] - O4 - .DEFAULT Startup: Advanced Print Screen.lnk = ? (User 'Default user')
[?] - O4 - Startup: WindowsEnabler400.LNK = C:\Program Files\WindowsEnabler400\WindowsEnabler400.exe
[?] - O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
[?] - O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab
[?] - O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
[?] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = endberm.net
[?] - O17 - HKLM\Software\..\Telephony: DomainName = endberm.net
[?] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = endberm.net
[?] - O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
[?] - O23 - Service: Energy Star(TM) EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe
[?] - O23 - Service: ObjSoft EventMaster (EventMaster) - Objective Software, Inc. - C:\Program Files\Objective Software\EventMaster\EventMaster.exe
[?] - O23 - Service: ObjSoft MessageMaster Relay 3 (MessageMasterRelay3) - Objective Software, Inc. - C:\Program Files\Objective Software\MessageMaster\MessageMasterRelay3.exe
[?] - O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.1\op_capture_server.exe
[?] - O23 - Service: WinINSTALL Scheduler (WinINSTALLScheduler) - VERITAS Software Corporation - C:\WINDOWS\system32\sswschnt.exe

Open in new window

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22761245
could you give prevx scan a try please.

http://www.prevx.com/freescan.asp
0
 

Author Comment

by:cgott42
ID: 22761485
thanks, here's the prevx scan log
PrevxCSIScan.log
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22761725
ok so prevx says everything is fine?
0
 

Author Comment

by:cgott42
ID: 22761884
Was that a typo (the question mark) or are you asking me (cuz I dunno).
i.e. Does it show that there aren't any reporting services running.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 22762012
Nope, I wanted to be sure that you got no malware on the computer. there is this C:\WINDOWS\TEMP\JGE888.EXE file I find suspicious.

---

I cannot (using the hijackthis log) identify any reporting software.

As said, there is a lot or reporting software installed but that seems to be only for performance monitoring not for content scanning.


0
 
LVL 27

Accepted Solution

by:
Tolomir earned 2000 total points
ID: 22762082
Does the prevx scan result look like this?

Status:CLEAN

prevx.jpg
0
 

Author Comment

by:cgott42
ID: 22762276
yes, says, status - clean.
0
 

Author Closing Comment

by:cgott42
ID: 31507854
Thank you for your help and time checking the logs.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month11 days, 13 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question