Please help

Discussion in 'Computer Security' started by mofo, Nov 25, 2004.

  1. mofo

    mofo Guest

    Hi group

    I have a problem with a sneaky mate of mine who has had access to my small
    network for a long time, I recently realised this and changed the password
    to my Nat router which resulted in this mate paying me a visit to try to
    figure out why he could no longer get into MY system, so I thought I was
    well secure and he could not get in anymore, then I notice he had been
    deleting CSS files off my business site and also some JavaScript, which made
    my buttons roll over, oh, and a DOT was deleted out of my CGI form,
    so I would lose business,
    so I remembered he had installed some HDD manager on one of the pc's when he
    visited, well it wasn't a HDD manager, it was "Ghost key logger" I found
    this out when I installed the same HDD manager and realised it did not need
    a password, but when he installed it it did, so I went back to the fozi site
    where he got the HDD manager and found the kelogger prog, I installed it and
    there was the exact same password box I has seen when I spotted him
    installing the so called HDD manager, I done a search and the little f***er
    has had this keylogger running,
    I done an XP roll back to before he installed it, but as I explained, he
    seems to be changing stuff still, like for instance, I changed the Nat
    router password again, then the next day I couldn't get into it .... wtf
    ..... I still cant get in it.
    Can anyone tell me how I can go about searching all 3 of my pc's to see if
    he has anything running???
    Or is there something I can do to ensure he can never get in again????

    Thanks for reading

    P.S I don't know why this mate is such a w****r, he has always been a sneaky
    s**t and likes to think he's a hacker. I have done nothing but treat him
    with respect.
    mofo, Nov 25, 2004
    #1
    1. Advertising

  2. mofo

    Mike Guest

    mofo wrote:
    > Hi group
    >
    > I have a problem with a sneaky mate of mine who has had access to my small
    > network for a long time, I recently realised this and changed the password
    > to my Nat router which resulted in this mate paying me a visit to try to
    > figure out why he could no longer get into MY system, so I thought I was
    > well secure and he could not get in anymore, then I notice he had been
    > deleting CSS files off my business site and also some JavaScript, which made
    > my buttons roll over, oh, and a DOT was deleted out of my CGI form,
    > so I would lose business,
    > so I remembered he had installed some HDD manager on one of the pc's when he
    > visited, well it wasn't a HDD manager, it was "Ghost key logger" I found
    > this out when I installed the same HDD manager and realised it did not need
    > a password, but when he installed it it did, so I went back to the fozi site
    > where he got the HDD manager and found the kelogger prog, I installed it and
    > there was the exact same password box I has seen when I spotted him
    > installing the so called HDD manager, I done a search and the little f***er
    > has had this keylogger running,
    > I done an XP roll back to before he installed it, but as I explained, he
    > seems to be changing stuff still, like for instance, I changed the Nat
    > router password again, then the next day I couldn't get into it .... wtf
    > .... I still cant get in it.
    > Can anyone tell me how I can go about searching all 3 of my pc's to see if
    > he has anything running???
    > Or is there something I can do to ensure he can never get in again????
    >
    > Thanks for reading
    >
    > P.S I don't know why this mate is such a w****r, he has always been a sneaky
    > s**t and likes to think he's a hacker. I have done nothing but treat him
    > with respect.
    >
    >

    He's no mate. Speak to a solicitor and get them to draft a letter. This
    should also exonerate *YOU* from any other damage he may have caused to
    third parties.

    Your 'mate' obviously knows far more than you do about computers so your
    chances of fixing his shit without external help are small. He should be
    made to pay for someone else to fix what he has done.

    There is also a very worring issue if you use online banking. Chances
    are that he has access to your accounts and your bank would be
    interested in having a chat to him in that case.

    Your 'mate' is in deep shit and needs a wakeup call.

    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted,
    submitted to anti-spam sites and proably burn in hell.
    Mike, Nov 25, 2004
    #2
    1. Advertising

  3. mofo

    mofo Guest

    Hi Mike.
    Thanks for your reply.

    Who can I go to about it, for instance I cant see the police taking it
    seriously, and I cant afford a solicitor etc
    also the a-hole in question... (I think)... doesn't know for certain that I
    have sussed him out, I've said nothing to him and I think he thinks im too
    stoopid to have sussed him out.
    Is there a programme I can use that will alert me to anyone using my pc's
    remotely??


    I have a strange question, I might be paranoid here, but yesterday and today
    the same odd thing happened on two different pc's. a GOOD mate of mine
    (lol)... was on one of my pc's, on an online war game, yesterday and the
    game crashed (never happened before) and reset the graphics and sound to
    default . then just now it happened to me on my new pc. Can this be due to
    outside hacking or do you think its just coincidence, the thing is I
    wouldn't put it past that tosser to do sumit like that, its like him to be
    spiteful and annoying.

    Thanks again for your help.





    "Mike" <> wrote in message
    news:co4of7$fdp$...
    > mofo wrote:
    >> Hi group
    >>
    >> I have a problem with a sneaky mate of mine who has had access to my
    >> small network for a long time, I recently realised this and changed the
    >> password to my Nat router which resulted in this mate paying me a visit
    >> to try to figure out why he could no longer get into MY system, so I
    >> thought I was well secure and he could not get in anymore, then I notice
    >> he had been deleting CSS files off my business site and also some
    >> JavaScript, which made my buttons roll over, oh, and a DOT was deleted
    >> out of my CGI form,
    >> so I would lose business,
    >> so I remembered he had installed some HDD manager on one of the pc's when
    >> he visited, well it wasn't a HDD manager, it was "Ghost key logger" I
    >> found this out when I installed the same HDD manager and realised it did
    >> not need a password, but when he installed it it did, so I went back to
    >> the fozi site where he got the HDD manager and found the kelogger prog, I
    >> installed it and there was the exact same password box I has seen when I
    >> spotted him installing the so called HDD manager, I done a search and the
    >> little f***er has had this keylogger running,
    >> I done an XP roll back to before he installed it, but as I explained, he
    >> seems to be changing stuff still, like for instance, I changed the Nat
    >> router password again, then the next day I couldn't get into it .... wtf
    >> .... I still cant get in it.
    >> Can anyone tell me how I can go about searching all 3 of my pc's to see
    >> if he has anything running???
    >> Or is there something I can do to ensure he can never get in again????
    >>
    >> Thanks for reading
    >>
    >> P.S I don't know why this mate is such a w****r, he has always been a
    >> sneaky s**t and likes to think he's a hacker. I have done nothing but
    >> treat him with respect.

    > He's no mate. Speak to a solicitor and get them to draft a letter. This
    > should also exonerate *YOU* from any other damage he may have caused to
    > third parties.
    >
    > Your 'mate' obviously knows far more than you do about computers so your
    > chances of fixing his shit without external help are small. He should be
    > made to pay for someone else to fix what he has done.
    >
    > There is also a very worring issue if you use online banking. Chances are
    > that he has access to your accounts and your bank would be interested in
    > having a chat to him in that case.
    >
    > Your 'mate' is in deep shit and needs a wakeup call.
    >
    > --
    >
    > ------------------------------------
    >
    > Real email to mike. The header email is a spam trap and you will be
    > blacklisted,
    > submitted to anti-spam sites and proably burn in hell.
    mofo, Nov 25, 2004
    #3
  4. mofo

    donnie Guest

    On Thu, 25 Nov 2004 12:30:28 GMT, "mofo" <>
    wrote:

    >I have a problem with a sneaky mate of mine who has had access to my small
    >network for a long time, I recently realised this and changed the password
    >to my Nat router which resulted in this mate paying me a visit to try to
    >figure out why he could no longer get into MY system, so I thought I was
    >well secure and he could not get in anymore, then I notice he had been
    >deleting CSS files off my business site and also some JavaScript, which made
    >my buttons roll over, oh, and a DOT was deleted out of my CGI form,
    >so I would lose business,

    ###########################
    What do you mean, "paying me a visit"? Did he go to your house? Did
    you let him in? Why does he have physical access? Is he a busisness
    partner of sorts? If he is, sue for a "commercial divorce". Check
    your local laws. In the US you can use small claimes court.

    As far as finding key loggers and the like, start in the registry
    HKLM, Software, Microsoft, Windows, CurrentVersion, Run.
    Do the same in HKCU. Many of those programs run in there.
    Also, look at msconfig, autoexec.bat, config.sys and win.ini.
    Some of those may not be used depending on the OS.
    Run netstat -an to check for ports listening and established
    connections.
    donnie.
    donnie, Nov 25, 2004
    #4
  5. mofo

    Mike Guest

    mofo wrote:

    > Hi Mike.
    > Thanks for your reply.
    >
    > Who can I go to about it, for instance I cant see the police taking it
    > seriously, and I cant afford a solicitor etc

    Most (good) solicitors will give you free advice. Even the CAB might
    help. I'm serious about this. You need to seek legal advice. You said he
    compromised your business web site? That has got to be criminal damge at
    least. Remember, its your computers and anything that appears to eminate
    from them will be your responsibility. Wether the police take it
    seriously or not depends on what your mate has been doing with your
    hijacked computers

    > also the a-hole in question... (I think)... doesn't know for certain that I
    > have sussed him out, I've said nothing to him and I think he thinks im too
    > stoopid to have sussed him out.
    > Is there a programme I can use that will alert me to anyone using my pc's
    > remotely??

    That depends on what he has used. You need to get expert advice. Tinker
    with it and you may destroy evidence. Unplug from the Internet if you
    are really worried and tell your mate that your modem/router has failed
    or the cat has eaten the cable etc.

    >
    >
    > I have a strange question, I might be paranoid here, but yesterday and today
    > the same odd thing happened on two different pc's. a GOOD mate of mine
    > (lol)... was on one of my pc's, on an online war game, yesterday and the
    > game crashed (never happened before) and reset the graphics and sound to
    > default . then just now it happened to me on my new pc. Can this be due to
    > outside hacking or do you think its just coincidence, the thing is I
    > wouldn't put it past that tosser to do sumit like that, its like him to be
    > spiteful and annoying.


    Sounds like a coincidence.

    > Thanks again for your help.


    You are welcome

    --

    ------------------------------------

    Real email to mike. The header email is a spam trap and you will be
    blacklisted,
    submitted to anti-spam sites and proably burn in hell.
    Mike, Nov 25, 2004
    #5
  6. mofo wrote:
    > Hi group
    >
    > I have a problem with a sneaky mate of mine who has had access to my small
    > network for a long time, I recently realised this and changed the password
    > to my Nat router which resulted in this mate paying me a visit to try to
    > figure out why he could no longer get into MY system, so I thought I was
    > well secure and he could not get in anymore, then I notice he had been
    > deleting CSS files off my business site and also some JavaScript, which made
    > my buttons roll over, oh, and a DOT was deleted out of my CGI form,
    > so I would lose business,
    > so I remembered he had installed some HDD manager on one of the pc's when he
    > visited, well it wasn't a HDD manager, it was "Ghost key logger" I found
    > this out when I installed the same HDD manager and realised it did not need
    > a password, but when he installed it it did, so I went back to the fozi site
    > where he got the HDD manager and found the kelogger prog, I installed it and
    > there was the exact same password box I has seen when I spotted him
    > installing the so called HDD manager, I done a search and the little f***er
    > has had this keylogger running,
    > I done an XP roll back to before he installed it, but as I explained, he
    > seems to be changing stuff still, like for instance, I changed the Nat
    > router password again, then the next day I couldn't get into it .... wtf
    > .... I still cant get in it.
    > Can anyone tell me how I can go about searching all 3 of my pc's to see if
    > he has anything running???
    > Or is there something I can do to ensure he can never get in again????
    >
    > Thanks for reading
    >
    > P.S I don't know why this mate is such a w****r, he has always been a sneaky
    > s**t and likes to think he's a hacker. I have done nothing but treat him
    > with respect.
    >
    >


    Download KL-Detector here
    http://dewasoft.com/privacy/kldetector.htm
    HijackThis might be useful also.
    Download HijackThis here:
    http://www.majorgeeks.com/download3155.html
    There are some system checking tools like Spybot Search+Destroy
    http://www.safer-networking.org/en/download/index.html
    and WinPatrol that alert you to registry changes.
    I don't know if programs like Sysclean from Trend and Escan
    from Micro World would be of any help
    http://www.trendmicro.com/download/dcs.asp
    http://www.mwti.net/antivirus/free_utilities.asp

    As other posters have stated this is a criminal matter
    and the authorities may need the "evidence".
    Remove suspect computer off the network now!
    Scan all others.
    -max
    --
    To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
    Virus cleaning +fixes see: http://www.geocities.com/maxpro4u/TechPros
    Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
    (nomail.afraid.org has been set up specifically for
    use in Usenet. Feel free to use it yourself.)
    Max M.Wachtel III, Nov 26, 2004
    #6
  7. mofo

    mofo Guest

    -------------------------------------------------------------------------------------


    > What do you mean, "paying me a visit"? Did he go to your house? Did
    > you let him in? Why does he have physical access? Is he a business
    > partner of sorts? If he is, sue for a "commercial divorce". Check
    > your local laws. In the US you can use small claimes court.


    ----------------------------------------- --------------------------------------------

    Well this is how it is. I knew him since school, didn't see him for years,
    then bumped into him 2 years ago, told him im into computers, he loves
    comp's so we got together and started building websites, (short version)
    Then recently I noticed his body language change and I became suspicious of
    what he was upto (Whilst sitting next to me at my other pc) this was around
    the time when he started deleting stuff off the website I built, I was not
    100% sure I wasn't imagining things and left it, It was the other day I knew
    for sure coz right in front of me whilst he thought my eyes where into a
    book I was watching him put a password into something, it was the Keylogger,
    he was trying to capture my passwords... this is the funny bit... On my
    router I don't have to put the password in, it is saved in, so he put an
    incorrect password in so I would put the correct one in next time, he would
    then have it captured with the key logger... lmao coz I sussed him out.
    I have not heard from him in 3 days now so I expect he's wondering why he
    aint had his log file lmao, although if he comes to this NG then he will
    know I know, so Paul u are one sad shit, don't bother coming round for
    dinner no more my girlfriend thinks your scum.

    Thanx for the links to the software... THATS what im talkin about... Im
    runnin em now :))))
    mofo, Nov 26, 2004
    #7
  8. mofo wrote:
    > Hi Mike.
    > Thanks for your reply.
    >
    > Who can I go to about it, for instance I cant see the police taking it
    > seriously, and I cant afford a solicitor etc
    > also the a-hole in question... (I think)... doesn't know for certain that I
    > have sussed him out, I've said nothing to him and I think he thinks im too
    > stoopid to have sussed him out.

    <snip>

    You did say he had a keylogger, right?

    He's probably already read what you wrote to us in these newsgroups.


    Yours Sincerely,
    Samuël ML Lison

    --
    DreamCities.net - A Community for All! (http://www.dreamcities.net)
    Jobs Available: http://business.dreamcities.net/jobs.html
    Contact Me: http://about.dreamcities.net/contact.html
    =?ISO-8859-1?Q?Samu=EBl_ML_Lison?=, Nov 26, 2004
    #8
  9. mofo

    donnie Guest

    On Fri, 26 Nov 2004 02:45:56 GMT, "mofo" <>
    wrote:

    >Well this is how it is. I knew him since school, didn't see him for years,
    >then bumped into him 2 years ago, told him im into computers, he loves
    >comp's so we got together and started building websites, (short version)
    >Then recently I noticed his body language change and I became suspicious of
    >what he was upto (Whilst sitting next to me at my other pc) this was around
    >the time when he started deleting stuff off the website I built,

    snip
    ###########################
    LOL
    Clean your network and don't let that guy near your house.
    donnie.
    donnie, Nov 26, 2004
    #9
  10. mofo

    Leythos Guest

    In following this from a-far, it really seems like we have a couple easy
    to identify things here:

    1) Person A starts company
    2) Person A provides company resources
    3) Person B joins company
    4) Person B damages company property (files, sites, etc...)
    5) Person B installs security breachable software on company property

    It sounds like the following needs done:

    1) Person A needs to provide a written document requiring Person B to
    leave the company and discontinue any action to/on the company benefit.

    2) Person A needs to wipe/reinstall ALL COMPUTERS (servers and
    workstations) that Person B had access too.

    3) Person A needs to change passwords and all physical entry locks/keys
    to property.

    4) Person A needs to file a formal complaint against Person B, or at
    least have a formal complaint drawn up in case Person B tries anything
    else.


    --
    --

    (Remove 999 to reply to me)
    Leythos, Nov 27, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. tpg comcntr

    HELP! HELP! PLEASE, PLEASE, PLEASE

    tpg comcntr, Feb 14, 2004, in forum: Computer Support
    Replies:
    11
    Views:
    869
    michael turner
    Feb 15, 2004
  2. Nick

    Computer problems please please please help

    Nick, Jun 4, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    455
  3. Replies:
    2
    Views:
    535
    David Hemingsley
    Oct 31, 2004
  4. The Martian

    Help Help Help Please Pentax S5i info needed

    The Martian, May 19, 2008, in forum: Digital Photography
    Replies:
    2
    Views:
    484
    The Martian
    May 20, 2008
  5. The Martian

    Help Help Help Pentax S5i Help needed (Please)

    The Martian, Jun 4, 2008, in forum: Digital Photography
    Replies:
    14
    Views:
    1,536
    ASAAR
    Jun 20, 2008
Loading...

Share This Page