Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious Alterations?


  • Please log in to reply
20 replies to this topic

#1 foreverterra

foreverterra

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 12:07 PM

I am not sure what forum this should go under, so please move if necessary. That being said, I have a question:

 

If I suspect unauthorized tampering of any sort with one of my computers... As a result from having a computer repairman "fixing" my computer", how would I prove or disprove this?

 

I am not sure exactly what course of action to take. But I don't know for certain if this is 100% true. I definitely don't want to go wagging my finger around though. Because I know that can be quite serious. And I'd much rather discover that I am simply overreacting...

 

So than, what should I do to check if everything's in order?

 

I know I need to put my mind at ease, please help if you can.


Edited by foreverterra, 18 February 2015 - 12:08 PM.


BC AdBot (Login to Remove)

 


m

#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:10:08 AM

Posted 18 February 2015 - 01:08 PM

Hi foreverterra :)

Just so I understand what you said well, you think that your system is actually infected and that someone else have access to it?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 AM

Posted 18 February 2015 - 03:42 PM

Was the computer repairman from a reputable local business or someone online who you allowed remote access?

Also what makes you suspect there was unauthorized tampering?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 05:41 PM

Hi foreverterra :)

Just so I understand what you said well, you think that your system is actually infected and that someone else have access to it?

 

 

That would be a negative. It was previously infected and then sent for repairs.

 

 

Was the computer repairman from a reputable local business or someone online who you allowed remote access?

Also what makes you suspect there was unauthorized tampering?

 

The repairman was from a privately owned buisness. As for reputable, this was my first dealings with them. (Due to a move, I didn't know anyone else in the area.) I know I probably should of dug a little deeper before going in somewhere random though.

 

And I believe it is possible that my computer may have been tampered with due to the seal being broken. But the kicker for me was: I am not able to locate my AMD Radeon... I'd pull it open myself, but I don't know what to look for. I'm trying to remain calm and level headed, but all I can do at the moment is panic.
 



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:10:08 AM

Posted 18 February 2015 - 05:44 PM

So you think that they "stole" your graphic card? If you want, you can open your computer case, take a photo of what's inside and post it here. We'll be able to tell you in 2 seconds if the graphic card is still there or not. Unless it was an APU, then it would be something else.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 AM

Posted 18 February 2015 - 05:50 PM

So then what exactly needed fixing? It is possible the repairman opened the case if the fixing that was needed involved something inside.

Also, did he provide a description of what he did when presenting the bill?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 06:10 PM

He said that he removed malware, and that was it. Cash paid upfront. But from what I understand... Viruses are just another chunk of ugly software? Which infects a computer's harddrive or memory? It's not hardware. I don't know what they would need to open the case for? I'm not even sure if I remember what the virus was. I just know that I could only enter safemode. And I couldn't get on normally, for the life of me.

 

Also, I know I had a AMD Radeon installed. It was one of the two very specific things I looked for. At the time that I was picking out which intel core to get. But the only thing it is picking up on is Nvidia. So, either it was removed and/or replaced? Or I'm doing something wrong...

I can try to open it later if that would help? Unless there is another way for me to squash my suspicion?



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:10:08 AM

Posted 18 February 2015 - 06:13 PM

The easiest way would be to physically open the computer case and take a screenshot of the inside so we can see it. Otherwise, we can try to guide you to find out under Windows if the card is still there.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 06:33 PM

Could I try the guide first?



#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:10:08 AM

Posted 18 February 2015 - 06:34 PM

Yes sure. Let's see with a dxdiag log.

OlT01aD.pngDxDiag Log
Follow the instructions below to create a dxdiag log and post it in your next reply.
  • Press on the Win Key + R keys to bring up the Run menu;
  • Enter dxdiag in the box and press on Enter;
  • If a message comes up asking you if you want to check if your drivers are digitally signed or not, click on Yes;
  • Once the dxdiag report window open, wait for it to load completely. The progress bar is in the bottom left corner;
  • Click on the Save All Information... button, then save the file on your Desktop as dxdiag.txt;
  • Open the text file, then copy/paste all the content in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 06:50 PM

Spoiler


So, I took a moment to compare it to a older post and noticed that dxdiag was similar to that time stamp. I didn't see anything that said AMD there either. :/

 

The mystery for me, still is: What happened to it?



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,205 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:10:08 AM

Posted 18 February 2015 - 06:52 PM

There's no AMD graphic card in there, but there's a NVIDIA one. So you are supposed to have two graphic cards, one NVIDIA and one AMD? Are you sure? This is pretty unusual.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 07:00 PM

I am supposed to have a AMD radeon. I am certain of that. I never was aware of having two cards or otherwise. But if the Nvidia has been there since before July 2014... I should of noticed it sooner. -_- Now I am really confused.



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 AM

Posted 18 February 2015 - 07:10 PM

Where did you purchase your computer?
What is the make and model?
What graphic card was originally offered?
Although you may have ordered it, how do you know it actually came with the AMD radeon? It could have been shipped without it.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#15 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 18 February 2015 - 07:42 PM

I purchased my computer from Dell.

Inspirion 580.
Intel Graphics & not sure what else.

I know we paid for it, but that is the only certainty I have.

Otherwise I am not sure.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users