Xp Security Breach


15 replies to this topic

#1 eagle27

Posted 09 September 2008 - 04:07 PM

Hi anyone,

My computer is running XP Home and I have passwords on the Setup Menu, User Logons and file encryptions. But somehow I find some of my files keep being deleted. In particular, my webcam motion detector files when I am gone from my office.
I have changed my passwords almost constantly and still something or someone is breaching these gates and getting in. I need to learn more about this area and what are the possibilities of this happening and how it is happening. If anyone can share their thoughts on this level of sophistication I'd be glad to hear it.

Looking forward to your response.

Thank you

#2 usasma

Posted 09 September 2008 - 04:41 PM

Most likely someone knows your password.
You can check for activity in the Event Viewer - in the Security log files if auditing is enabled.
If it's not enabled, have a look at this article: http://alt.pluralsight.com/wiki/default.as...leAuditing.html

Once you find out if someone is logging in, then you can take steps to remedy the situation.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 garmanma

Posted 09 September 2008 - 06:57 PM

Are you sure your webcam software isn't set to archive only a certain amount of pictures and delete the rest?
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 cryptodan

Posted 09 September 2008 - 07:25 PM

I'd scan for keyloggers.

#5 garmanma

Posted 09 September 2008 - 08:43 PM

> I'd scan for keyloggers.

Also check the computer for hardware ones
Mark

#6 eagle27

Posted 10 September 2008 - 02:11 AM

> Are you sure your webcam software isn't set to archive only a certain amount of pictures and delete the rest?

That could be a possibility. Where would I find the archive? I'm running a Logitech Quickcam Pro 4000 with Logitech Image Studio. The interface is pretty simplistic but it doesn't give me any definition as to how the files are saved and its parameters.

Thanks for the response,
Mike

#7 eagle27

Posted 10 September 2008 - 02:14 AM

> I'd scan for keyloggers.

I've run Spybot Search and Destroy and have AVG Security Suite. And I run my checks daily. I'm not sure if these programs are picking up the problems. Are there programs that you can suggest I use that would be better and more secure?

#8 eagle27

Posted 10 September 2008 - 02:16 AM

> > I'd scan for keyloggers.
>
> Also check the computer for hardware ones

Can you further elaborate on "hardware" please? I'm a novice.
Thanks

#9 garmanma

Posted 10 September 2008 - 08:17 AM

To scan for keyloggers, you would be best to submit an HJT log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

A hardware keylogger would be a small device attached to your keyboard cable that actually records keystrokes.
I'll look into the software later.
Mark

#10 eagle27

Posted 11 September 2008 - 12:41 AM

> Most likely someone knows your password.
> You can check for activity in the Event Viewer - in the Security log files if auditing is enabled.
> If it's not enabled, have a look at this article: http://alt.pluralsight.com/wiki/default.as...leAuditing.html
>
> Once you find out if someone is logging in, then you can take steps to remedy the situation.

Thanks for the article, I've reviewed the event viewer and there are some things that I don't understand. When I am not on it I found logons using my information. I don't know if these are some of the system's automatic procedures. I don't know how to differentiate the entries.
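
An added example, not part of the original thread: one way to separate hands-on logons from background ones in an exported Security log, which is the question raised in post #10. Event IDs 528/529/540 and the Logon Type values are the standard Windows XP ones; the four-column row layout, the `owner` account and the sample rows are constructed for illustration.

```python
import csv, io, re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Windows XP Security-log event IDs written when logon auditing is enabled.
LOGON_EVENTS = {528: "logon", 529: "failed logon", 540: "network logon"}
# "Logon Type" values found in the event description.
LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch", 5: "service",
               7: "unlock", 10: "remote interactive"}
HANDS_ON = {2, 7, 10}  # someone at the keyboard or in a remote desktop session

# Constructed sample rows: timestamp, event ID, user, description (assumed layout).
SAMPLE = """\
2008-09-10 08:02:11,528,owner,Logon Type: 2
2008-09-10 08:02:15,540,owner,Logon Type: 3
2008-09-10 13:40:52,528,owner,Logon Type: 7
2008-09-10 13:41:03,528,NETWORK SERVICE,Logon Type: 5
2008-09-10 14:05:30,529,owner,Logon Type: 2
2008-09-10 17:30:00,528,owner,Logon Type: 2
"""

def parse(text):
    """Yield (timestamp, event_id, user, logon_type) for logon-related rows."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4 or not row[1].isdigit():
            continue  # skip blank or malformed rows
        match = re.search(r"Logon Type:\s*(\d+)", row[3])
        if int(row[1]) in LOGON_EVENTS and match:
            yield row[0], int(row[1]), row[2], int(match.group(1))

def hands_on_while_away(text, away_from, away_until):
    """Return hands-on logon attempts that fall inside the owner's absence."""
    start, end = datetime.strptime(away_from, FMT), datetime.strptime(away_until, FMT)
    hits = []
    for ts, event_id, user, ltype in parse(text):
        if ltype in HANDS_ON and start <= datetime.strptime(ts, FMT) <= end:
            hits.append((ts, LOGON_EVENTS[event_id], user, LOGON_TYPES[ltype]))
    return hits

def background_logons(text):
    """Return logons not made at the keyboard: network, batch and service types."""
    return [(ts, user, LOGON_TYPES.get(t, str(t))) for ts, _, user, t in parse(text)
            if t not in HANDS_ON]

if __name__ == "__main__":
    for hit in hands_on_while_away(SAMPLE, "2008-09-10 12:00:00", "2008-09-10 17:00:00"):
        print(*hit)
```

Service and network logon types under the owner's or a system account are routine; an unlock or interactive entry timestamped while the owner was out of the office is the kind of row worth following up.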

#11 eagle27

Posted 11 September 2008 - 12:44 AM

> To scan for keyloggers, you would be best to submit an HJT log:
> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
>
> A hardware keylogger would be a small device attached to your keyboard cable that actually records keystrokes
> I'll look into the software later

Do you have a picture of what that looks like? I looked at my cables and they seem to be in their original state. Could this keylogger hardware be installed internally?

#12 eagle27

Posted 11 September 2008 - 12:55 AM

Hi again,

I got to review some of the webcam logs. I had set it to take pictures; upon reviewing the files, I found that approximately 2 hours of files is missing. So I decided to switch to constant video. The video did not reflect anything visually but just the room. But upon further scrutiny I listened to the audio portion and discovered that someone entered the room and started using the computer. I could hear the keys being punched. It seems the video was altered but the audio wasn't. What's up with that? How sophisticated can someone get? Being able to operate at this level of intrusion is amazing. Is this at all possible? I've listened to the records more than twice to make sure what I was hearing was correct. It's something right out of the X Files. Can anyone share input regarding this or am I just chasing a ghost?

Edited by eagle27, 11 September 2008 - 12:57 AM.


#13 usasma

Posted 11 September 2008 - 06:20 AM

If you're hearing something, but not seeing anything - could it be that that person knows where the camera is and is avoiding it somehow?

If the video is focused on the computer, then the individual is technologically sophisticated enough to delete the video - but isn't aware of/concerned about the audio.

Put a lock on the door - it's the simplest way around this.

Other ways would be to feed the video off-site so that you can capture it without it being deleted - then, presumably, you'd have a copy that would identify the culprit.

#14 eagle27

Posted 11 September 2008 - 01:48 PM

> If you're hearing something, but not seeing anything - could it be that that person knows where the camera is and is avoiding it somehow?
>
> If the video is focused on the computer, then the individual is technologically sophisticated enough to delete the video - but isn't aware of/concerned about the audio.
>
> Put a lock on the door - it's the simplest way around this.
>
> Other ways would be to feed the video off-site so that you can capture it without it being deleted - then, presumably, you'd have a copy that would identify the culprit.

The door is locked. By reading all of your responses I've come to the conclusion that there is a keylogger program running on the computer. So I am reformatting the whole drive and reinstalling. Is there any more I can do? Are there any preventive measures after re-installing that I can take?

I'll look into running the program offsite, but I will have to assume that they will just cut the internet connection.

Thanks for your help

#15 usasma

Posted 11 September 2008 - 02:15 PM

Keyloggers don't tap keys - they just make a recording of what keys are pressed. They're designed to be stealthy - so you don't catch them.
Is there a route from the door to the keyboard that isn't observed by the camera?

When I was in high school I made a copy of the master key for all the lockers with a pencil and a piece of paper (then used that sketch to file the key out of metal). Keys/locks are easy to defeat if you study them a bit.

Once you've reformatted, place a new password on the BIOS and a new password on the Windows installation. Disable the Guest account, and ensure that all other accounts are password protected (with a new password).

Don't let the video capture your keystrokes when you're entering the passwords.