Fear after physical access?


  • This topic is locked
4 replies to this topic

#1 resertedlab


Posted 03 September 2016 - 06:22 PM

I'll try to be short. I've shared an apartment with people I don't trust. I don't anymore. I've been out for more than a year, but I still use the same laptop (Dell Inspiron) I used when I lived there. I won't get into any details; I'll just say I have reason to believe they had something installed back then, although my machine was always protected with a password. Here is what I need to know.

 

1. Since no one knew my password, could they have inserted some tiny USB flash drive, which I wouldn't notice, that could somehow have installed a keylogger when I unlocked the laptop, and that's how they could have intercepted my Windows lock password? Would I see any pop-up or permission prompt to install something, or could it have secretly installed anything the moment I unlocked it? (I think I would have noticed anything on the sides, but if I was in a hurry I could have missed it?)

 

2. Let's assume they managed to access the laptop; could they have installed any remote control programs which I wouldn't notice, so they could constantly access it in the future? I only lived in this place for a month and a half, and I have never left the laptop there for more than a couple of hours. Maybe once or twice for a bit more, but still never for long.

 

3. When I left the apartment and went back home, could they still have gained access when I am on a different IP, miles away from them? Can they do that for long periods of time (not just once or twice, but let's say to access my PC every week to check information or to mess with things)? Wouldn't that require constant Wake-on-LAN management, since they have no idea when I would be home or not? I've never noticed anything like the laptop waking up on its own or something.

 

4. Mostly what I am worried about: can they boot the laptop remotely? (I know they can set it for Wake-on-LAN with magic packets, but still I am asking about doing that for many sessions, not just a few.) I have usually left the PC closed, in which case it simply locks itself and goes into a state of sleep/hibernation. I am not sure if Wi-Fi works while the laptop is sleeping/hibernating (again, I am talking about a Dell Inspiron).

 

5. If all these are possible, could someone with a little above average knowledge of software be able to do that (not professionals, but still people that know things about software), or will it require a lot of professionalism?

 

6. If anything had happened, could I ask the police or any specialist to track down who had remote access? Will they be able to track down from where remote control was executed, even if it happened months ago? (If it was those guys, could we get to them?)

 

Again, just to point out a few things! Once I left, no one had any physical access anymore.

I am not asking what to do from now on, I've taken care of the future; my question is if this thing could have happened under my nose for a long time without me having a clue, and also not just one or two random accesses, but constant, systematic access.

 

I've had a lot of information, accounts and many other things (some of which super important) that had passed through that laptop in the last year, and if anyone could have remotely accessed and had control, though messing around, I could go to jail, since the trace, as far as I know, will lead to my IP (when a PC is used remotely I believe it uses the IP of the machine that is remotely controlled, not the IP from where control is taken).


Edited by resertedlab, 03 September 2016 - 08:07 PM.



#2 Oh My!


Posted 08 September 2016 - 09:30 AM

Greetings,

You have asked a lot of questions but this really isn't the type of malware issue we deal with in this Forum. Theoretically remote access is a possibility on any computer. You say you are not concerned about the future and I am not sure what that means. For peace of mind's sake I would suggest you reformat your computer and reinstall the operating system which will remove any possibility for remote access. Short of that I don't think you will gain peace of mind.

Let me know you have read this and then I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 resertedlab


Posted 08 September 2016 - 12:41 PM

Hi, by future I meant that I already reinstalled Windows so I don't fear they will spy on me in future times. I still if they already had spied what things they could have messed up; that's why I wanted to know how easy and possible such remote control would be if someone is not close or nearby my network connection and stuff. Thanks anyway for the response, you can close the topic, what's done is done :)



#4 Oh My!


Posted 08 September 2016 - 12:50 PM

Your question is about what is known as a Backdoor Trojan. Obviously I don't know whether this was present on your computer or not. Here is what I post to someone when we have verified the presence of a Backdoor. Just some things for them to consider and in a general sense things you can think through.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidence of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst-case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst-case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line, the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.

Oh My!


Gary
 

#5 Oh My!


Posted 08 September 2016 - 12:50 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 