Re: Weird events: please advise
From: Writehand (sophie.jameson_at_ntlworld.com)
Date: 06/17/04
- In reply to: igor: "Re: Weird events: please advise"
Date: Thu, 17 Jun 2004 12:24:50 +0100
On Wed, 16 Jun 2004 19:24:14 +1000, "igor" <nuklear@iprimus.com.au>
wrote:
>I noticed the same problem once
>
>Look in your task scheduler; you may have a schedule to run a program every
>5 min with a similar name to live update in your windows folder. Remove it.

Thanks for the advice.

Things have moved on - here's an update:

Having isolated the machine, my friend's had time to examine the hard
drive carefully.

Quite apart from the multiple bits of adware/spyware, he found the key
files containing his software work infected with a virus that would
have destroyed all his data as soon as he opened the files.

Far more worrying, he found a lot of what looks like security services
encryption files he has never seen before in an archive folder. Had he
not been going through his system with such care he might not have
noticed them - the folder hadn't been used for a couple of years. The
files look as though they could be dynamite.

When I say "looks like" - as soon as he found them he consulted his
lawyer, who passed him on to a criminal lawyer. He then took the whole
thing to his offices.

A copy of the hard drive is now with my friend's lawyer and my friend
has involved the police.

Someone appears to have hacked him either to store sensitive files or
to place incriminating material on his drive.

I am pretty certain no legitimate commercial organisation would do
this. My guess is that it's some weirdo who, for whatever reason, is
trying to damage the guy.

BTW, it's interesting to read different posts - different viewpoints
about my dopey friend's security. His vagueness doesn't surprise me at
all - after all, doctors (a professional group I've worked with
extensively) are famous for missing diseases in their immediate family
- and my friend only ever used that machine for gaming and coursework.

Guess it depends on your perspective. If you're selling security
software/hardware or providing support you're going to be all too
aware of the vital importance of online security in your daily life.
My friend works on obscure corners of anti-virus programming and, I
guess, he just didn't focus on its relevance to his home PC. He will
now. <g>

As for Windows 98 - with a wife and kids at home and a state of the
art set up at work, upgrading my home kit wouldn't necessarily be my
priority.

Anyway - that's where we stand. I don't expect the police will be that
interested - they're not interested in domestic burglaries, after all.
At least he's passed the problem to the authorities, and set up an
entirely new, more secure system. Of course, the poor guy is driving
himself crazy trying to work out who might have done it, but I guess
he may never know.

Thanks for your help.

Writehand