[LMN]

Hi,
I'm new and I hope I'm posting my question in the correct forum!

I noticed an unusual web address in the drop down menu of my address bar, so I clicked on it and it brought me to an adult website. Then I opened my history and saw about 15 or so other adult sites - some of which had multiple "tiers" listed. (The web address and then sample files and media player files.)

My question is - knowing that I didn't access these sites, how could this be on my computer? Is there a virus that could actually get these to show up on my history, or is it more likely that someone else accessed my computer. (On that note, I looked up the history detail and could see the times that these sites were accessed, and the hits all occurred during a 30 minute period that I was away from my office/computer.

Thanks in advance for any advice you can give me to help solve this mystery!

[Advertisements]

anyone... any advice?

[LMN]

anyone... any advice?

[dsenette]

it could be malware....or a phantom wanker

[Rawe]

Can you first download CleanUp.

Make sure you install it.. Follow the prompts on the screen. Then, close any other open windows, run CleanUp and let it run completely. Reboot.

Now, if you want me to check if your PC is infected by something malicious, go here;
http://www.merijn.or...ackthis_sfx.exe

Click Save to disk, when loaded, hit "Open". There should open a window, hit "Unzip" then "Close".

Go to C:\Program Files\Hijackthis - folder. Launch HiJackThis and run a scan. Click Save Log. An notepad file should open with a log.. Copy & paste all of it's content in a reply to this thread. Do NOT fix anything in HiJackThis yet, since most of what it lists is totally harmless or even CRITICAL to your computer! I will take a look at it and let you know if you have any infections.

- Rawe

[EMCguy]

...........

My question is - knowing that I didn't access these sites, how could this be on my computer?  Is there a virus that could actually get these to show up on my history, or is it more likely that someone else accessed my computer.  (On that note, I looked up the history detail and could see the times that these sites were accessed, and the hits all occurred during a 30 minute period that I was away from my office/computer.  

Thanks in advance for any advice you can give me to help solve this mystery!

If its malware of some sort, Rawe can definitely help you.

With regard to others using your computer, I have some questions. Do you have multiple accounts on that computer? Do you have good passwords, and passwords on your screen saver? Does anyone know your password? Is it easy to guess? When does your screen saver kick in? Who could have had physical access to your computer? How good are their computer skills? Are you on dialup or broadband? Would they need a password to get on the internet? Do you use a firewall? What kind? Are you on a network?

I'm asking these questions mainly to get an idea of easy it would be for someone other than yourself to use your computer.

If you like, we can give you advice on ways to secure your computer from others. You can't keep a pro out if they have physical acess to your computer, but we can help you to keep the honest people honest.

Best regards,

EMCguy

Edited by EMCguy, 01 August 2005 - 11:01 PM.

[LMN]

Thanks for your advice -

I don't have multiple accounts on the computer, other than "administrator" and my own. My computer is at work - in an office on a network. I'm not sure about the connetion to the internet, other than to know that we have one. I'm sure we have a firewall, but that apparently hasn't been 100% effective in stopping other potential viruses and ads because we've had occassion that our IT dept has needed to inform us (company-wide) of potential viruses and undesired activity/software, etc that could be lurking about.

I did not have a password set on my screen saver at the time - but I do now! I don't suspect that anyone would know the password. Also, I have my screen saver set to kick in in about 5 minutes. I had it set at 1 minute - but that was too often. I think when I leave my office - the screen saver kicking in within (at most) 5 minutes (assuming I use my PC right up until the time I leave) - should do the trick.

Basically I'm just curious to know if it is even POSSIBLE for malware or other malicious and undesired software to either automatically visit undesired sites, or to leave urls in my explorer history bar, etc. OR if it was more likely that somebody accessed my computer. I've had times in the past that something would automatically change my homepage (even without being asked) - and I didn't know if this was something similar...

Thanks so much for all your advice!

[dsenette]

malware can deffinitly reset your homepage...and it's main purpose is to send information...this usually includes accessing websites that you normally wouldn't go to

[Rawe]

Yes.. Did CleanUp! do the trick? Do you have any problems at the moment?

[LMN]

Well I'm not having any problems at the moment - we'll see if it happens again...

Thanks much!

[LMN]

I was just talking to someone about this, and he was under the impression that for urls to show up in my history, the sites would have had to have been physically typed into my computer - not some sort of virus or malware. Also, other than the number of adult sites accessed during that 30 minute period while I was out of my office, everything else in my history is normal.

I guess I just REALLY want to know if someone had the nerve to sit down at my computer and use it for this purpose. (When I could have returned at any moment.)

It just seems suspicious to me that this activity all occured during a timeframe when my computer was unattended. (Looking more like it was a person who did this not malware.)

Can anyone tell me for sure if it's even possible for malware or phantom wanker to have done this? (So I can stop suspecting everyone in the office!)

Thanks again!

[EMCguy]

LMN

Almost anything is possible with malware. They can't cook hardboiled eggs yet, but give them time, and connect your stove to the internet ....

Heres some advice about passwords. You can have a password setup on your account, but many people forget to set passwords on their default admin account.

That account can be accessed is safe mode fairly easily, and without a password there, malefactors can walk right in. You might want to put a password on that as well. You can also put passwords on BIOS, but I'm probably getting paranoid here.

Would any of your office mates have noticed or thought it odd that someone other than yourself was using the computer?

When you say you've had your homepage changed before, was that on this computer? If so, when did that happen and how did you fix it?

(always with the questions, I know )

Regards

EMCguy

[Rawe]

Again, if you want to check if your PC has spyware/other malware, please post that HiJackThis log for me..

[dsenette]

also...tell the person that told you that you had to type the urls in for them to be in your history that he is mistaken...if your account has a password then before getting up press ctrl + l

[EMCguy]

LMN

My previous reply went whizing past you lastest post.

Youll probably never know. There are detailed forensics investigations that could be done, but they will cost thousands, and it might even be too late. If you are the owner of the company, and you are really ticked off about this, and you have the money to burn, maybe that is worth it.

When people dont use good passwords, its kind of like leaving your car running with the keys in it. You should be able to do that, but in our fallen world bad things can happen.

An outside hacker or anyone sharing your network could have possibly gotten onto your computer from the network, and the fact that your passwords are somewhat lax may have allowed them greater access to your computer.

Have you asked your IT/network folks about it? They often times have logs of various activity, and might be able to help you figure it out. If its a hacker from outisde or inside the company, they would want to know about it.

Now that I think of it, you should definitely tell them, since many companies have policies against using work terminals to access such sites, and you dont want IT to think you were the one doing the access.

Also, IT might want to consider blocking these site and about a million more.

Wishing I had better news,

EMCguy.


added this
PS. Do the HJT scan like Rawe suggested. Its a quick download, and its a quick scan. Just DONT FIX anything without expert support, since most of what HJT reports on is good and necessary for your computer. Rawe can help you deteremine if there is malware on your computer. HJT is a very slick tool.

Edited by EMCguy, 02 August 2005 - 12:24 PM.

[LMN]

Thank you all for your good advice - which I will take!

I'm not the owner of the company, just someone who is very upset by this whole situation (more so in thinking that someone in my office did this... I could take it better if it were malware, etc.)

Thanks again for all of your helpful and intelligent advice!!

LMN