SD busted


Post by Freddy on 4/5/2010, 01:55

left the machine running, got back & the user password had been CHANGED.

a little earlier I'd visited the SD forum site.

Someone has all the keys to get in & do what they like.

Freddy
New Member

Posts : 6
Join date : 2010-05-03

Re: SD busted

Post by Guest on 4/5/2010, 02:15

Hey Freddy!! Glad to see you on ssj100 Security Forums!! Welcome!!

I am not sure I understand, did your ShadowDefender password change, or your login to Windows password?


Re: SD busted

Post by Freddy on 4/5/2010, 02:45

Hi Noor.

Windows ADMIN password was changed. Also as I tried closing down to reboot there was a message advising other accounts were running. I never run other accounts, only Admin.

Minutes before this incident I'd loaded SD onto HD#1 on another machine (Machine#2). This machine has 2 new hard discs, never been on the net before, new OS. Went on the net to register AV program. Removed disc1 & installed disc#2 to repeat AV registration on disc#2. disc#2 failed to boot, "Invalid boot drive" I think was the message.

Took machine1 to the shop & he removed the password. When I got back to the house scanned with AV & AV locked up at about 20%. All programs ran SLOW, impossible to use, no internet connection either. I often lose my internet connection, the message is usually "Limited or no connection" but this time was different, message "Connection failed". After a few reboots it cleared up & usable now but completely compromised.

both machines connect to the same router box.


Re: SD busted

Post by Guest on 4/5/2010, 03:08

Yeah, Bro, that's pretty weird alright.
Have you been able to complete an AV scan yet?

I know this is a silly question, but no one else has had
physical access to your computer, have they?

(I will be away for a few mins, but will be back.)

noor


Re: SD busted

Post by Freddy on 4/5/2010, 03:17

the second AV scan was clear. 4 warnings but no threats/detections. the warnings have been there for a few weeks. that's odd too. if the AV stalled first time why would it run the next time? there are two people in the house but neither read enough English to do anything with a computer.


Re: SD busted

Post by Freddy on 4/5/2010, 03:44

Another strange thing.

NUMLOCK was set to OFF in the BIOS until about 2 weeks ago.

I made no changes to the BIOS but on boot up now NUMLOCK is ON.

How can such a thing happen I wonder ...


Re: SD busted

Post by Guest on 4/5/2010, 03:56

The four AV warnings, you use Avira, right?
So they were just the "can't open file", "pagefile" type stuff?

Brother, from all we have talked about on ShadowDefender Forums,
it really does sound like you have someone messing with you.

NO WAY is the changed password, and the "other accounts running"
even close to normal.

noor


Re: SD busted

Post by ssj100 on 4/5/2010, 06:26

I think noor is right. There's a high chance that some malicious stuff is going on via direct physical access or via your LAN network.

By the way, presumably you were in Shadow Mode when you left your computer running (since you've posted this in the Shadow Defender thread)? Regardless, if someone with malicious intent has direct physical or network access to your computer, it'd be pretty hard to stop them.

Anyway, it sounds like a clean re-install (or an image restore) might be required here. Unless someone (including people on other forums) has better ideas.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

Re: SD busted

Post by Freddy on 4/5/2010, 06:59

re the password change, I'd left the machine running at about 2pm yesterday, logged in, everything was fine, running in Shadow Mode. for the rest of the afternoon I was helping the carpenter install some furniture in the next room in plain view. nobody could get access to the machine during that time without being seen. about 6 pm I entered the password to get it out of standby mode, password didn't work. & as mentioned, other sub accounts were also running.

ssj100 what do you mean by network access to the computer? Do you mean physical or remote?


Re: SD busted

Post by ssj100 on 4/5/2010, 07:13

Remote.


Re: SD busted

Post by Guest on 4/5/2010, 10:12

Yes Freddy, I know that's not something anyone likes to hear.
The dread reformat and install.

But as you said, a compromised system is just that......
How far do you trust it?

I wish you would give Sandboxie a try, a lot of the dreck with the free version
can be mitigated by my thread: http://ssj100.fullsubject.com/sandboxie-f1/make-the-best-of-sandboxie-free-edition-t40.htm

With the ssj100 configuration, you can do most of it with the free, I doubt that this problem will re-occur.

please keep us posted old buddy,

noor


Re: SD busted

Post by Freddy on 4/5/2010, 15:55

physical, that bit I can easily understand. let's say it occurred at network level, how would someone go about that? I know it can be done but have no clue how.
