
Not Sure If Infected Need Advice


6 replies to this topic

#1 pat666


Posted 09 March 2007 - 05:02 AM

Hi all:

I need some sage advice before confronting my son. His mom called me and said that she found an open folder titled "Visualizations" on her desktop. The folder contained hardcore video files. Naturally, she thinks that my 17-year-old son downloaded them. I told her I would talk to him, but before I do I'd like to know if anyone has heard of any virus or malware that might be responsible.

I find it strange that he would: (1) choose to put the files in a media player folder and (2) leave the folder open on the desktop. Why not make his own folder and put it in a different location? He certainly knows enough about computers to do this.

Does anyone know of a virus/malware that does this and if so what should I look for? I'm going there tomorrow and although I know that he may very well have downloaded the files, I don't want to accuse him if it was caused by something else!

Thanks in advance.



#2 fozzie


Posted 09 March 2007 - 05:47 AM

Visualizations are files which are used in media players in general and give graphic movements on the beat of music played in that player. There are a few tricks to find out whether he has downloaded them.

a) From the browser: CTRL+H. This opens the history in any browser and gives you a rundown of internet pages visited in that period.
b) Right-click the file's properties and look for dates when it was created. Most of the time there is a reference to a website.
c) If there is a date, go to Event Viewer (START, RUN, type eventvwr) and see whether there was anything downloaded around that period.
d) Alternatively, go to the log of your firewall and see if anything crossed

Fons

#3 pat666


Posted 09 March 2007 - 12:09 PM

Thanks for the tips. I'm going to be at that computer today and will check it out, but this will tell me only where they came from and not necessarily that he downloaded them, correct? Also, would any program that you know of automatically save video files to that folder?

#4 buddy215


Posted 09 March 2007 - 01:17 PM

There are many possibilities of how those files got on the computer. Regardless of how they got there, malware should be suspected, as porn is very often accompanied by malware.
Two good programs to scan with would be Super Antispyware and the online virus scanner Bit Defender. Both are free and fully functional.
http://www.superantispyware.com/ (use in safe mode)
http://www.bitdefender.com/scan8/ie.html


Just don't ask the Norwich, Connecticut police dept. for help!
http://www.bleepingcomputer.com/forums/t/79623/us-justice-system-gone-awry-in-teacher-porn-case/

Edited by buddy215, 09 March 2007 - 01:24 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 pat666


Posted 09 March 2007 - 02:28 PM

Hi again:

I checked out the browser history, which is blank (of course wiping the history is easy to do). The files are AVIs and MPGs, and the most recent was created 01/08/07. I'm not sure what that tells us as far as how they got onto this computer.

Also, I checked Event Viewer and the firewall logs and found nothing suspicious like references to unfamiliar or questionable sites.

I will run Superantispyware and Bitdefender, but barring a confession from my son, is there any way to know for sure who or what placed the files on this computer?

Thanks.

#6 buddy215


Posted 09 March 2007 - 02:46 PM

Depends on how far you want to go. There are programs for recovering deleted files, logs, etc. Could compare log in times with download times, etc.
You could install a program to block porn sites such as the one in the link below. It is free for home use.
http://www.k9webprotection.com/about.html

Would payment of some sort be required for what was downloaded? I wouldn't know but someone else might.

#7 fozzie


Posted 10 March 2007 - 06:51 AM

Can't you see in the firewall logs what happened on that date?

c) If there is a date, go to Event Viewer (START, RUN, type eventvwr) and see whether there was anything downloaded around that period.
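
One way to carry out the comparison suggested in the replies above (file creation dates against login times), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later in an elevated prompt, logon auditing that writes Security event ID 4624 (Windows Vista and later; the thread does not say which Windows version is in use), and a placeholder folder path.

```powershell
# Added example, not from the thread. Assumptions: PowerShell 3.0+, an elevated
# prompt, logon auditing enabled (Security event ID 4624, Windows Vista or later).
param(
    [string]$Folder = 'C:\Path\To\Visualizations',  # placeholder path
    [int]$WindowHours = 12                          # how far back to look for a logon
)

# Logon types that put a person at the desktop:
# 2 = interactive, 7 = unlock, 10 = remote interactive, 11 = cached interactive
$desktopLogons = 2, 7, 10, 11

Get-ChildItem -LiteralPath $Folder -File -Recurse | Sort-Object CreationTime | ForEach-Object {
    $file = $_

    # Zone.Identifier is the alternate data stream ("mark of the web") that browsers
    # attach to downloads on NTFS; ZoneId=3 means the Internet zone.
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = ($motw | Where-Object { $_ -like 'ZoneId=*' }) -replace '^ZoneId=', ''

    # Most recent desktop logon in the window before the file appeared.
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = $file.CreationTime.AddHours(-$WindowHours)
        EndTime   = $file.CreationTime
    }
    $logon = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $data = @{}
            foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$node.Name] = $node.'#text'
            }
            if ($desktopLogons -contains [int]$data['LogonType']) {
                [pscustomobject]@{ Time = $_.TimeCreated; User = $data['TargetUserName'] }
            }
        } | Sort-Object Time -Descending | Select-Object -First 1

    [pscustomobject]@{
        File      = $file.Name
        Created   = $file.CreationTime
        Modified  = $file.LastWriteTime
        ZoneId    = $zone
        LogonTime = $logon.Time
        LogonUser = $logon.User
    }
} | Format-Table -AutoSize
```

A creation time records when the file was written to this volume, and a logon event only shows which account had a session open, so the table narrows the question rather than identifying who was at the keyboard.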





