highjacked?

My daughter has a 1 yr old Sony laptop with Vista Home Basic and it's on a
wireless secured network. She downloads pics from her camera and places them
in the My Pictures folder. Last week she noticed that her pictures and pic
folders were missing and in their place pictures she has no idea where they
came from or who the pics are of. Other folders and files appear intact.
After a complete search, including recycle bin, her pic files and folders
were nowhere to be found.
The firewall is always on, updates are automatic and programs AWG, Adaware
and Spybot are updated regularly, run and no signs of problems.

The only thing that may have been unusual was she temporarily switched her
wireless access to an unsecured network (secured one was not working).

Any idea what might have happened or how the pics could have been downloaded
without her knowledge?

Thanks for feedback.
Rob

Post in reply to: Rob


Somebody may have been able to access your daughters computer... The
possibilities are endless...!

Go through 'cleaning' these steps:

1.Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2.Clean HDD
Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Win...139d91033.mspx

3.Download/execute:
Malwarebytes? Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/down...NTISPYWAREFREE

4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...ols/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.theeldergeek.com/forum/in...6&showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

Additional information:
GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation GMER scan results consult either
http://antirootkit.com/forums/index....81ffe4361c3a17
--or--
http://www.thespykiller.co.uk/index.php?board=3.0

For Vista the most dependable defenses are:
1. Do not work in elevated level; Day-to-day work should be performed
while the User Account Control (UAC) is enabled.
User Account Control Step-by-Step Guide.
http://technet.microsoft.com/en-us/l.../cc709691.aspx

Understanding and Configuring User Account Control in Windows Vista.
http://technet.microsoft.com/en-us/l.../cc709628.aspx

2. Familiarize yourself with "Services Hardening in Windows Vista".
Services Hardening in Windows Vista
http://www.microsoft.com/technet/tec...SecurityWatch/
Educational reading:
10 Immutable Laws of Security
http://technet.microsoft.com/en-us/l.../cc722487.aspx

3. Don't expose services to public networks.
Windows Vista Service Configurations Introduction
http://www.blackviper.com/WinVista/servicecfg.htm

4. Keep your operating (OS) system (and all software on it)
updated/patched. (Got SP1 yet?).
Windows update.
http://www.update.microsoft.com/wind....aspx?ln=en-us
Secunia Personal Software Inspector
http://secunia.com/software_inspector
https://psi.secunia.com/
--And--
M/S Security Baseline Analyzer 2.0
http://www.microsoft.com/downloads/d...displaylang=en
can assist also.

Why Service Packs are Better Than Patches.
http://www.microsoft.com/technet/arc....mspx?mfr=true

5. Secure (Harden) Internet Explorer.
IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
http://www.microsoft.com/downloads/d...displaylang=en

Internet Explorer Enhanced Securit

Post in reply to: Rob
The best internet security is to stay away from unknown websites, especially
those that offer anything free such as wallpaper, song lyrics, music, movies,
greeting cards, calendars- anything free. Also, never open e-mail from
unknown senders.

There is some good free software out there, but before going to those
websites check out the legitimacy of the free software at review sites such
as CNET.

Also, I've found Trend Micro to be a good protector of Vista OS. Yes, it
costs, but it gets the job done and saves time in the long run and one
purchased license can be used on 3 computers.

Cheers...
--
oscar

....Right click is your very good friend...

Post in reply to: oscar
I guess I can assume the original pictures are not recoverable. It just
seems next to impossible her laptop was 'invaded'.

I'll proceed to do a 'cleaning' and take a serious look at Trend Micro

Thanks for suggestions.

1 shocked Vista user.....Rob

Post in reply to: Rob
If she trespassed into someone else's network to access the internet as you
suggested, whatever folders she had shared on her computer could have been
accessible to anyone on the other network. Not really any hacking involved
if there was read-write access to the pictures folder.

I can think of two slim chances to get the pictures back... A faint hope
would be if the pictures had simply been moved or renamed elsewhere on her
PC.
The second chance would be to try using a file recovery program like PC
Inspector File Recovery, or something similar. If the deleted pictures
haven't been overwritten you may be able to locate and recover them.
Download from http://www.pcinspector.de/download_all.htm?language=2
After installation the program needs to be run as Administrator.

Post in reply to: RalfG
Well, tried TrendMicro but repeatedly got a runtime error on install. Tried
VirtualLab but it came up empty looking for the photos.
Yes, the folder was set to shared so the access was possible on another's
network.

Oh well, maybe can get some of the pics from the old PC. At least there's
partial solution.

Thanks for all the advice.

Cheers!

Hi Rob
Since it was my pictures that was affected you can use previous
versions to restore her pictures. Previous versions is a feature that
many are not aware of and is enabled by default. I don't like it
personally but it can be useful.

SuperXero
HackingManual.Net


--
SuperXero