Need Security Help

Discussion in 'Computer Security' started by Lumpjaw, Jul 3, 2007.

  1. Lumpjaw

    Lumpjaw Guest

    Greetings,

    I have a reason to believe my work computer has been compromised, i.e.
    stealth software installed. Does anyone know of a good mechanism to detect
    hidden spy programs outside of adaware and spybot. Any suggestions would be
    greatly appreciated. Thanks.


    -lumpjaw
     
    Lumpjaw, Jul 3, 2007
    #1

  2. Lumpjaw

    /Tx2 Guest

    On Tue, 3 Jul 2007 15:58:38 -0400 Lumpjaw
    from the village of
    felt we might be interested in the following...


    > Greetings,
    >
    > I have a reason to believe my work computer has been compromised, i.e.
    > stealth software installed. Does anyone know of a good mechanism to detect
    > hidden spy programs outside of adaware and spybot. Any suggestions would be
    > greatly appreciated. Thanks.


    Hello, sorry to trouble you, but this is your personnel department -
    please report to the office at 08:30 prompt so we can discuss this issue
    with you.


    --
    My reply address is valid, but incoming mail is set to 'auto-delete'
    so will not be seen. Please post replies to the group.
    XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX
     
    /Tx2, Jul 3, 2007
    #2

  3. Lumpjaw

    Todd H. Guest

    Todd H., Jul 3, 2007
    #3
  4. Lumpjaw

    Lumpjaw Guest

    Very Funny!

    -L

    "/Tx2" <> wrote in message
    news:...
    > On Tue, 3 Jul 2007 15:58:38 -0400 Lumpjaw
    > from the village of
    > felt we might be interested in the following...
    >
    >
    >> Greetings,
    >>
    >> I have a reason to believe my work computer has been compromised, i.e.
    >> stealth software installed. Does anyone know of a good mechanism to
    >> detect
    >> hidden spy programs outside of adaware and spybot. Any suggestions would
    >> be
    >> greatly appreciated. Thanks.

    >
    > Hello, sorry to trouble you, but this is your personnel department -
    > please report to the office at 08:30 prompt so we can discuss this issue
    > with you.
    >
    >
    > --
    > My reply address is valid, but incoming mail is set to 'auto-delete'
    > so will not be seen. Please post replies to the group.
    > XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX
     
    Lumpjaw, Jul 3, 2007
    #4
  5. Lumpjaw

    Sebastian G. Guest

    Lumpjaw wrote:


    > I have a reason to believe my work computer has been compromised, i.e.
    > stealth software installed.



    Well, then flatten and rebuild it. Hey, you're abusing Outlook Express as a
    newsreader, what else do you need to see that your system is an open
    invitation to crap?

    > Does anyone know of a good mechanism to detect hidden spy programs outside
    > of adaware and spybot.


    Yes: about any, since these programs are useless.

    Serious ones include verifying the integrity of all files, which is
    something typically carried out by sha1sum, sort, uniq and xargs.


    BTW, what about a fup2?
     
    Sebastian G., Jul 3, 2007
    #5
  6. Lumpjaw

    Lumpjaw Guest

    Hey S.

    I was just asking a question, I am working with windows, that is what I have,
    period, I was not asking for an invitation to throw mud. The world already
    knows what guys like you think, better to take your 'know how?' and use it a
    little more constructively. If you have nothing to say, ZIP IT!... just my
    humble opinion. MAN YOU ARE ANNOYING!


    -Lumpjaw



    "Sebastian G." <> wrote in message
    news:...
    > Lumpjaw wrote:
    >
    >
    >> I have a reason to believe my work computer has been compromised, i.e.
    >> stealth software installed.

    >
    >
    > Well, then flatten and rebuild it. Hey, you're abusing Outlook Express as
    > a
    > newsreader, what else do you need to see that your system is an open
    > invitation to crap?
    >
    >> Does anyone know of a good mechanism to detect hidden spy programs
    >> outside

    >
    >> of adaware and spybot.

    >
    > Yes: about any, since these programs are useless.
    >
    > Serious ones include verifying the integrity of all files, which is
    > something typically carried out by sha1sum, sort, uniq and xargs.
    >
    >
    > BTW, what about a fup2?
     
    Lumpjaw, Jul 3, 2007
    #6
  7. Lumpjaw

    Sebastian G. Guest

    Lumpjaw wrote:


    > I was just asking a question, I am working with windows, that is what I have,
    > period,



    You're talking nonsense. Just because Windows delivers Outlook Express
    doesn't mean that you're supposed to abuse it for an operation that it might
    work for but isn't supposed to work for. There's no problem with downloading
    an actual newsreader like any non-stupid person would do.

    > If you have nothing to say, ZIP IT!


    Strange enough that I already said something very fruitful: COMPARE YOUR
    SYSTEM BINARIES AGAINST THE CHECKSUM OF TRUSTED BACKUP! That's what every
    serious person does. It's a trivial task involving trivial tools like
    sha1sum, sort+uniq and xargs, or any specific tool that does the job.

    And I disregarded your utterly useless tools. How should AdAware or Spybot
    find such a compromise? They're relying on the results of the compromised
    system, and they're utterly broken, and their output is obviously nonsensical.

    > MAN YOU ARE ANNOYING!


    said the stupid guy who attached a quoting of the entire replied posting at
    the end of his own posting, together with an attribution line actually
    containing two lines full of useless information that is already available
    in the header of his posting. You can hardly get any more annoying!
     
    Sebastian G., Jul 3, 2007
    #7
  8. Lumpjaw

    Lumpjaw Guest

    Whatever dude!

    -l

    "Sebastian G." <> wrote in message
    news:...
    > Lumpjaw wrote:
    >
    >
    >> I was just asking a question, I am working with windows, that is what I
    >> have,
    >> period,

    >
    >
    > You're talking nonsense. Just because Windows delivers Outlook Express
    > doesn't mean that you're supposed to abuse it for an operation that it
    > might
    > work for but isn't supposed to work for. There's no problem with
    > downloading
    > an actual newsreader like any non-stupid person would do.
    >
    >> If you have nothing to say, ZIP IT!

    >
    > Strange enough that I already said something very fruitful: COMPARE YOUR
    > SYSTEM BINARIES AGAINST THE CHECKSUM OF TRUSTED BACKUP! That's what every
    > serious person does. It's a trivial task involving trivial tools like
    > sha1sum, sort+uniq and xargs, or any specific tool that does the job.
    >
    > And I disregarded your utterly useless tools. How should AdAware or Spybot
    > find such a compromise? They're relying on the results of the compromised
    > system, and they're utterly broken, and their output is obviously
    > nonsensical.
    >
    >> MAN YOU ARE ANNOYING!

    >
    > said the stupid guy who attached a quoting of the entire replied posting
    > at
    > the end of his own posting, together with an attribution line actually
    > containing two lines full of useless information that is already available
    > in the header of his posting. You can hardly get any more annoying!
     
    Lumpjaw, Jul 3, 2007
    #8
  9. Lumpjaw

    /Tx2 Guest

    On Tue, 3 Jul 2007 16:30:30 -0400 Lumpjaw
    from the village of
    felt we might be interested in the following...


    > Very Funny!


    Glad you took it in the spirit it was intended ;-)



    --
    My reply address is valid, but incoming mail is set to 'auto-delete'
    so will not be seen. Please post replies to the group.
    XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX
     
    /Tx2, Jul 3, 2007
    #9
  10. Lumpjaw

    Todd H. Guest

    "Lumpjaw" <> writes:

    > Hey S.
    >
    > I was just asking a question, I am working with windows, that is what I have,
    > period, I was not asking for an invitation to throw mud. The world already
    > knows what guys like you think, better to take your 'know how?' and use it a
    > little more constructively. If you have nothing to say, ZIP IT!... just my
    > humble opinion. MAN YOU ARE ANNOYING!


    Yeah, he's not a very happy boy, best I can tell.

    He's right about one thing though--if you have any question at all
    about the integrity of your machine, flatten and rebuild from original
    media is the only way to go.

    And the only way you can be relatively sure you're okay is to have
    something like tripwire being installed soon after your original
    (trusted) build, doing file signature, so you know what's changed--and
    which is what is more challenging--know what's supposed to change and
    what's not.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Jul 3, 2007
    #10
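
Added example (not part of any post in this thread): the baseline-and-compare check described in posts #5, #7 and #10, sketched with sha1sum, sort, uniq and xargs. Function names, the manifest layout and the sample tree are assumptions of this example; in practice the manifests are generated from trusted boot media with the suspect disk mounted read-only, since hashes computed by the compromised system itself cannot be trusted.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the
# manifest layout ("<40-hex sha1>  <path>") are this example's choices.

# make_manifest DIR: hash every regular file under DIR, sorted by path.
make_manifest() {
    ( cd "$1" && find . -type f -print0 | xargs -0 -r sha1sum | sort -k2 )
}

# changed_paths BASELINE CURRENT: the sort+uniq trick. A "hash  path" line
# present in both manifests appears twice and is dropped by uniq -u; what
# is left belongs to files that were added, removed or modified.
changed_paths() {
    sort "$1" "$2" | uniq -u | cut -c43- | sort -u
}

# classify BASELINE CURRENT: label each difference between the manifests.
classify() {
    awk '
        { h = substr($0, 1, 40); p = substr($0, 43) }
        FILENAME == ARGV[1] { base[p] = h; next }
        { seen[p] = 1
          if (!(p in base))      print "ADDED " p
          else if (base[p] != h) print "MODIFIED " p }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# demo: constructed sample tree standing in for a system directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/sys/bin"
    printf 'login v1\n' > "$work/sys/bin/login"
    printf 'ls v1\n'    > "$work/sys/bin/ls"
    printf 'old tool\n' > "$work/sys/bin/old tool"
    make_manifest "$work/sys" > "$work/baseline.sha1"   # trusted state

    printf 'login v1 + hook\n' > "$work/sys/bin/login"  # replaced binary
    printf 'hidden\n' > "$work/sys/bin/.svc"            # new file
    rm "$work/sys/bin/old tool"                         # deleted file
    make_manifest "$work/sys" > "$work/current.sha1"

    classify "$work/baseline.sha1" "$work/current.sha1"
    rm -rf "$work"
}

demo
```
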
  11. Lumpjaw

    Sebastian G. Guest

    Todd H. wrote:


    > And the only way you can be relatively sure you're okay is to have
    > something like tripwire being installed soon after your original
    > (trusted) build, doing file signature, so you know what's changed--and
    > which is what is more challenging--know what's supposed to change and
    > what's not.



    I just wondered how Tripwire has changed. In earlier times, it hooked
    various FSCTL and IOCTL handlers to trigger rescans only if it noticed any
    file changes with the change itself already tripping an alert. Same for
    Windows with receiving file change notifications. Now it runs a full compare
    on a regular schedule, which is a highly imperformant and delayed way of
    doing this job. What has happened? Too many dudes running with root
    privileges, thus rendering this check potentially insecure?
     
    Sebastian G., Jul 3, 2007
    #11
  12. Lumpjaw

    Jim Watt Guest

    On Tue, 3 Jul 2007 16:47:15 -0400, "Lumpjaw" <>
    wrote:

    >I was just asking a question, I am working with windows, that is what I have,
    >period, I was not asking for an invitation to throw mud.


    Windows can be fairly secure, but the only way to do that is to limit
    user rights so that they cannot compromise the system.

    If you are in that sort of environment, then you should not be able
    to install anything on your machine anyway, and you need to contact
    whoever does your IT support.

    If you really have doubts about the integrity of your system AND you
    have the authority to rebuild it then that is the solution.

    There is a view that anyone using outlook or outlook express is asking
    for trouble.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jul 4, 2007
    #12
  13. Lumpjaw

    Lil' Abner Guest

    "Sebastian G." <> wrote in
    news::

    > Lumpjaw wrote:
    >
    >
    >> I have a reason to believe my work computer has been compromised,
    >> i.e. stealth software installed.

    >
    >
    > Well, then flatten and rebuild it. Hey, you're abusing Outlook Express
    > as a newsreader, what else do you need to see that your system is an
    > open invitation to crap?
    >
    >> Does anyone know of a good mechanism to detect hidden spy programs
    >> outside

    >
    >> of adaware and spybot.

    >
    > Yes: about any, since these programs are useless.
    >
    > Serious ones include verifying the integrity of all files, which is
    > something typically carried out by sha1sum, sort, uniq and xargs.
    >
    >
    > BTW, what about a fup2?


    Well, fupu2!

    --
    --- A dyslexic man walks into a bra ---
     
    Lil' Abner, Jul 5, 2007
    #13
  14. Lumpjaw

    Sebastian G. Guest

    Lil' Abner wrote:

    > "Sebastian G." <> wrote in
    > news::


    >> BTW, what about a fup2?

    >
    > Well, fupu2!


    As you might notice, I already set a Followup-To.
     
    Sebastian G., Jul 5, 2007
    #14
  15. From: "Lumpjaw" <>

    | Greetings,
    |
    | I have a reason to believe my work computer has been compromised, i.e.
    | stealth software installed. Does anyone know of a good mechanism to detect
    | hidden spy programs outside of adaware and spybot. Any suggestions would be
    | greatly appreciated. Thanks.
    |
    | -lumpjaw
    |

    Please explain WHY you came to this conclusion as it may just be a faux conclusion.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Jul 5, 2007
    #15
  16. Lumpjaw

    invntrr Guest

    "Lil' Abner" <> wrote in message
    news:Xns9963D3323A33Bbutter@wefb973cbe498...
    > "Sebastian G." <> wrote in
    > news::
    >
    > > Lumpjaw wrote:
    > >
    > >
    > >> I have a reason to believe my work computer has been compromised,
    > >> i.e. stealth software installed.

    > >
    > >
    > > Well, then flatten and rebuild it. Hey, you're abusing Outlook Express
    > > as a newsreader, what else do you need to see that your system is an
    > > open invitation to crap?
    > >
    > >> Does anyone know of a good mechanism to detect hidden spy programs
    > >> outside

    > >
    > >> of adaware and spybot.

    Yes
    I have a device that makes it impossible to power up without a dongle or
    coded remote
    It's fully patented but no one is interested.
    I'll sell you one for $50
    Tom
     
    invntrr, Jul 7, 2007
    #16