Lack of knowledge taken advantage of?


Melanie

Recently, someone who knows a bit more about computers
than I do was at my house, and in normal fashion, wanted
to 'use my computer to check his email'. Well this email
checking turned into a 5 hour long ordeal during which I
was nodding off [he was here 2am-7am]. Anyway, I noticed
him doing things to my computer but didn't question it
because he said he was helping me with computer
maintenance. I just let him do his thing because I don't
know that much about the topic. However, once he left I
was on my computer and noticed some things that I didn't
believe to be that way before. I saw when he was
accessing his server at work and had his desktop from
work visible on the screen. Now, I can't do a system
restore [from earlier time] and I have tried to restore
my system to every single available date. My system
restore option worked flawlessly before he touched my
computer. It is basically brand new.

What I'd like to know is: is there any way to see
EXACTLY what he did to my computer and is there a way to
change it back to its condition before he messed with
it? And is there a way that he can still be remotely
viewing my files?
 

1) There is no way to trace back everything he did.
2) Yes - there is a way he can be remotely seeing your files.

Correct this easily..

Turn on your firewall and make sure (if you don't use it) the firewall is
not configured to let Remote Desktop or anything else through..

How to Enable XP's Firewall:
http://www.microsoft.com/windowsxp/pro/using/itpro/securing/enableicf.asp

How to configure the different ports to allow services to work through the
firewall:
http://www.microsoft.com/security/protect/ports.asp
 
Melanie, I would also recommend you run anti-virus software with current
definitions to make sure he did not plant some evil remote control or
snooping program on your machine.

Hope that helps
 

John makes an excellent point.

You may want to not only change your firewall settings as I pointed out
earlier, but update your AntiVirus software, scan for viruses. Also, I
suggest the following applications to scan for any spyware/adware/malware
that he could have put there purposely or accidentally (as well as you could
have gotten there..):

Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these.. I recommend at least the first
three.)

Spybot Search and Destroy
http://www.safer-networking.org/

Lavasoft AdAware
http://www.lavasoft.de

Hijack This!
(For browser Hijacks - also look into CWS Shredder)
http://mjc1.com/mirror/hjt/

An Assortment of Others:
http://www.merijn.org/downloads.html
 
Melanie,

You didn't say what version of Windows you have. But if it's Windows XP
here are some things you can do.

1. Set a password for your personal account. Keep this password private.
2. Enable the Guest account and require that anybody who wishes to "borrow"
your computer use it. With this "limited user" account, the guest cannot
install / uninstall any programs, make any system-wide configuration
changes, or view your personal files. Be suspicious if the person borrowing
your computer complains that he does not have enough "access".

With regard to your computer's current configuration, depending on the
extent of what this person did, you may be able to get things back (more or
less) to where they were by "detecting" what was done using some of the
tools mentioned by the other responders. However, the only sure thing -
(and only if it's really bad) is for you to backup your data, reformat the
HD, reinstall Windows and restore your data - to guarantee that all is well.
Use this option only as a last resort; get a "trusted" friend to do this for
you if you're uncomfortable doing it yourself.

Melvin
 
I agree with the other suggestions folks have made, particularly:

1) making sure the firewall is enabled, and checking to be sure that no
ports are opened, and, on the ICMP property sheet, that ping responses are
disabled.

2) Yes, update your antivirus and do a full scan of all files on the
machine.

3) DO install and run, both Lavasoft's Ad-aware and Spybot Search and
Destroy.
After installing, run each. On the first run, update the definitions, then
do a full scan.

With ad-aware, feel free to remove anything it finds.

With Spybot Search & destroy, feel free to remove anything marked in red.

In your case, I'd consider going one step further.

You might wish to run a third-party software firewall, such as Zone Alarm,
or any other of your choice. If you do this, you should disable XP's
firewall once the other firewall is effective.

Here's why I make this recommendation. Since this person effectively had
physical possession of your machine, he could have installed code which
communicates out to some location of his choice. XP's firewall does not
block such outbound communications. If he is able to respond to such
outbound communication, XP's firewall will allow that response back into
your system--since it is part of an ongoing conversation which began
outbound from your machine. Thus, he could still be in control of your
machine, even with the firewall up.

I hope that you, and we, are just being paranoid here, and that you won't
discover anything out of the ordinary. Most systems have a fairly large
number of items found by both ad-aware and Spybot search & destroy scans.

Unfortunately, running a third party firewall which alerts you to outbound
communications can result in a fairly large number of alerts for things with
cryptic names which you weren't aware were communicating out from your
system. Check these out on your own, or write back here--but don't say yes
to them unless they are clearly related to some action you've taken, or you
can recognize the source or software involved.

I can empathize with both sides here--remember that you need to have a
pretty good trust level for someone that you allow to sit down at your
machine and do things that you don't understand--ask for explanations--learn
things from them.

What would be worrisome is if any of the scans find things labelled as
either a trojan or a keylogger--watch for those, and take careful notes of
the names, if found.
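
An added example, not part of any post in this thread: one way to review the two exposures discussed above (inbound listeners such as Remote Desktop, and outbound connections that an inbound-only firewall does not block) is to parse the output of `netstat -ano`. The sample output, the addresses and the `review` helper are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1580
  TCP    192.168.1.20:1187      203.0.113.45:443       ESTABLISHED     2296
  TCP    192.168.1.20:1190      192.168.1.1:80         TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    700
"""

# Ports commonly used by remote-desktop style tools.
REMOTE_ACCESS_PORTS = {3389: "Remote Desktop", 5900: "VNC"}

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\w+)\s+(\d+)\s*$")


def review(netstat_text):
    """Return (direction, endpoint, pid, label) tuples worth a closer look."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        laddr, lport, raddr, rport, state, pid = m.groups()
        lport, pid = int(lport), int(pid)
        if state == "LISTENING" and not laddr.startswith("127."):
            # Reachable from the network unless the firewall blocks the port.
            label = REMOTE_ACCESS_PORTS.get(lport, "listener")
            findings.append(("inbound", lport, pid, label))
        elif state == "ESTABLISHED" and not raddr.startswith("127."):
            # Started from this machine, so replies are allowed back in.
            findings.append(("outbound", f"{raddr}:{rport}", pid, "active connection"))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Each PID in the result can be matched against the PID column in Task Manager to see which program owns the listener or connection.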
