#1
Intel Overclocker
Ok, here is the story.
My girlfriend broke up with her ex about a year ago. Things have been going fine between them (read: no contact) since then. Recently, she decided to clean up her Facebook by deleting people from her friends that she is no longer in contact with, and he was included in that. Shortly after that, she was getting randomly appearing "incorrect username or password" messages every so often. I didn't get to see them personally, but I think she took a picture of it that I will try to get up here. Anyway, they stopped appearing. It seems this was an error from NOD32.

Sometime after that there were some strange things happening to her laptop. First, her homepages in Google Chrome were changed (one of them was Facebook...). She then later noticed that her Google Chrome icon was renamed from "Google Chrome" to "dr. jas", which happens to be her ex's initials. I believe he was somehow viewing her desktop remotely. At first I thought maybe he had simply gained file-access, but she said not only had the shortcut name been changed but icons had been moved around the desktop. There was no way local access had been obtained by him or anyone else at that time as she locks her bedroom door (and he lives far, far away).

Her laptop runs Vista Home Premium. As such, it does not have Remote Desktop built in. I disabled Remote Assistance, in case there was some vulnerability there he was exploiting. I checked her Windows Firewall for any strange exceptions, and ran a virus scan to make sure there was no virus doing these things (which none were found by NOD32).

So, I guess I am asking if there is some known vulnerability that may be allowing her ex-boyfriend to get into her computer. More particularly, is there a way to find out if someone is in fact doing this to her? He may have her IP address... since they broke up, I know Time Warner (both of our ISP) has not changed my WAN IP address, so it is entirely possible hers has not either.
I have looked for ways to log logins in the Event Viewer, but most solutions require the Group Policy editor, which Home Premium does not have. Any thoughts or suggestions are very much welcome and greatly appreciated!!
__________________
Spelling mistakes in my post? I am probably typing on my iPod... Please forgive me! Columbus, OH, area pc repair!

#2
Caseless
Here's what you should do... Set the laptop down in front of you and your girlfriend and watch it for a while... If anything happens indicating the ex's involvement give him a call... or better yet pay him a visit.
Then install XP/7 on it after a good DBANing ^.^
__________________
There is no spoon.

#3
First Time Build
Install Avast and use their rootkit tool.

#4
Intel Overclocker
I will look at installing Avast on there. Thanks!

#5
nVidia Enthusiast
Ya, safest bet at this point - reformat.

#6
Overclocker in Training
Reformat the HDD, don't keep any files, change all passwords. He's probably using a R.A.T (remote admin tool) to gain access to the computer. It's like remote assistance in Windows. I'm not going to say what software can be used to infect people with R.A.T but it's pretty easy. About 30% of all R.A.T's are FUD so that's why NOD32 isn't picking anything up.
__________________
Savings for Custom Case & Liquid cooling Project: $100.

#7
Audiophile
Call the police, this is highly illegal, and should be taken care of, right away!

#8
4.0 GHz
If you're going to reformat, possibly change your IP Address as well if you have the capability of doing so?
Man, this seriously gives me the creeps. Best of luck to you and your girlfriend.

#9
4.0 GHz
Well, get a firewall in the router and computer, and make sure "remote computer" is off.

#10
ATI Enthusiast
It's an easy fix: reformat your comp, and change all passwords to every email/fb etc.
Problem solved, just make sure your gf doesn't open any attachments.