Re: Weird events: please advise

From: Writehand (
Date: 06/17/04

Date: Thu, 17 Jun 2004 12:24:50 +0100

On Wed, 16 Jun 2004 19:24:14 +1000, "igor" <>

>I noticed the same problem once.
>Look in your task scheduler; you may have a schedule to run a program every
>5 min with a similar name to live update in your windows folder. Remove it.

Thanks for the advice.

Things have moved on - here's an update:

Having isolated the machine, my friend's had time to examine the hard
drive carefully.

Quite apart from the multiple bits of adware/spyware, he found the key
files containing his software work infected with a virus that would
have destroyed all his data as soon as he opened the files.

Far more worrying, he found a lot of what looks like security services
encryption files he has never seen before in an archive folder. Had he
not been going through his system with such care he might not have
noticed them - the folder hadn't been used for a couple of years. The
files look as though they could be dynamite.

When I say "looks like" - as soon as he found them he consulted his
lawyer, who passed him on to a criminal lawyer. He then took the whole
thing to his offices.

A copy of the hard drive is now with my friend's lawyer and my friend
has involved the police.

Someone appears to have hacked him either to store sensitive files or
to place incriminating material on his drive.

I am pretty certain no legitimate commercial organisation would do
this. My guess is that it's some weirdo who, for whatever reason, is
trying to damage the guy.

BTW, it's interesting to read different posts - different viewpoints
about my dopey friend's security. His vagueness doesn't surprise me at
all - after all, doctors (a professional group I've worked with
extensively) are famous for missing diseases in their immediate family
- and my friend only ever used that machine for gaming and coursework.

Guess it depends on your perspective. If you're selling security
software/hardware or providing support you're going to be all too
aware of the vital importance of online security in your daily life.
My friend works on obscure corners of anti-virus programming and, I
guess, he just didn't focus on its relevance to his home PC. He will
now. <g>

As for Windows 98 - with a wife and kids at home and a state of the
art set up at work, upgrading my home kit wouldn't necessarily be my

Anyway - that's where we stand. I don't expect the police will be that
interested - they're not interested in domestic burglaries, after all.
At least he's passed the problem to the authorities, and set up an
entirely new, more secure system. Of course, the poor guy is driving
himself crazy trying to work out who might have done it, but I guess
he may never know.

Thanks for your help.

