[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

A client saw a message on her PC that says, "Jason-PC disconnected" - does that mean that someone was on her computer?

Posted on 2011-03-03
8
Medium Priority
?
313 Views
Last Modified: 2012-05-11
We had one of our legal advisors at a business yesterday and just before she shut down her computer she said she saw a message box pop up in the bottom right hand corner of her screen that says, "Jason-PC Disconnected".  Keep in mind, when she got there yesterday their IT guy put her on their network so that she could 1) use the web and 2) print to their shared printer.

I remote logged into her computer this morning and saw that "File Print Sharing" was on... so my question is, does that mean that anyone on their network would be able to see her files?  If so, would it really give her a message that says says someone disconnected?  I've never seen that message before and I'm trying to figure out if I should be concerned.. and/or what to do about it.  I did turn OFF file / print sharing while i was logged in.

Any suggestions?
0
Comment
Question by:sherrills
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Expert Comment

by:Trusol
ID: 35027799
Did the clients IT department remote to her at any time? It sounds like there was a Damware or similar software session going on, and when she logged off, the network connection closed and disconnected the remote session.

Even if they had shared out her hard drive for some reason, you wouldn't actively see when someone was on like that, you'd have to go to shared folders -> open shares to see who was acessing files on your computer. If you want peace of mind though, you can go to Shares under shared folders and remove the default c$ admin share, as well as make sure nothing else has been shared out
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35027815
This could be any third party software of VNC type. Sharing a desktop and being logged on witout any soft in Windows requires user to accept a connection.
0
 
LVL 4

Expert Comment

by:ChuckDeezel
ID: 35028514
Was she put on a Wireless network? If so there is a slight chance that the wireless network was named Jason-PC. Just a shot in the dark there. Now, why someone would name an SSID Jasons-PC is beyond me, but I have seen stranger SSID's.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:sherrills
ID: 35028699
She was on a wireless network, but I agree Jason-PC would be a very strange name for the network... i'll remote back into her PC and see if I can see what the wireless network name is.

The clients IT department should definitely not have remoted into her PC... hmmm so is there a way to see if someone was accessing shared files at this point or is it too late?
0
 
LVL 1

Accepted Solution

by:
Trusol earned 1000 total points
ID: 35028826
As far as I know, not unless you had auditing enabled on your files, which would be very unusual for a workstation.
0
 
LVL 4

Expert Comment

by:ChuckDeezel
ID: 35028974
Check the event log. Look under the security and under the system log (hell application log while you are at it to see if there were any unusual applications launched around the time that she was logged in. Applications that she would not normally launch in her day to day operations, or maybe see if there are any entries for remote assist, dameware, etc.
0
 
LVL 4

Expert Comment

by:ChuckDeezel
ID: 35028980
Sorry, event log is under Control Panel, Administrative Tools.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 35029967
"Jason-PC" was probably another computer on the network.  It may not have been snooping, as there are applications that automatically look for shared files.  iTunes searches the network for other iTunes users.

Then again...if it was disconnected, that means it was actually connected to content.

Also, it didn't have to be a remote connection like RDP or VNC.  You can connect to a file share or administrative share without installing/running software.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question