Need your help mates...fast
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Need your help mates...fast

  1. #1
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836

    Need your help mates...fast

    Hi all....



    I really need to know how to retreive cookies that were just cleared from internet options.

    I'm suspecting someone of being a hacker who is trying to zombify one of the computers in my Internet Cafe. I allowed him to use a USB flash disk. I took screenshots of some of the screens he had opened because they were suspicious. He had an Explorer type softare which was showing him the details of the C drive...and on the other side it was showing his USB drive which in it had some programs a hacker would carry with him. I'll give more detail later on including screenshots.

    Thnx for your help

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Cyber......

    What OS are you running?

    Why cookies I would have thought trojan/backdoor/keylogger given that they had physical access?

    Also if the cookies are really gone, how can they be of any harm

    The screenshots would be interesting

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    IIRC windows stores cookies as text files, so an undelete utility might work.

    If this is the case the less writes to the hard disk the greater the chance of recovering the files, so make sure the machine is switched off.

    Take out the HDD and then use another machine to work with it.

    Norton Disk Doctor could be your friend.

    Hope this points you in the right direction.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    runnign WinXP home ed.

    Well he had a folder called BugBear Virus...

    A little research on bugBear shows that its a mass mailing worm, which drops a backdoor on the infected computer and allows the hacker to get into the infected machine through a GUI.

    The reason why I asked for the cookies is because he went and deleted them for some reason (Maybe he didnt want anyone to see where he went?) He did visit some websites though..that weren't suspiciouis at all (music and shows).

    Attached is a screenshot of the program that he was using.


    It could be nothing but Its a little bit odd seing a 60 year old man with Viruses in his USB drive. What business would he have screwing around with my computer?

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    http://www.theabsolute.net/sware/dskinv.html

    or

    http://www.pcinspector.de/file_recovery/UK/welcome.htm i have pc-inspector installed here and you can definitly restore cookies you can even restore them to another directory for inspecting or archiving
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    It could be nothing but Its a little bit odd seing a 60 year old man with Viruses in his USB drive.
    I have got to get a couple of those usb drives.
    If you were to explore my backup CD's, you would find several folders that contain various virus's and trojans I have collected. Most of these I have been moving to floppies for increased security, but I collect some of them for future study (future because I don't feel I know enough to explore them yet).
    And I am 57.
    As for deleting cookies, if I were using someone elses machine, I would delete all cookies and history (including all offline content) as I cleared off their machine. Simple security (privacy) policy.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,836
    true that

    Hey I bought 128MB ones for $20 dollars...

    They had a huge sale one day...64MBs ones for 20 bucks...then a week later they put the 128MB ones for 20 bucks too YAY ME


    Ok i'll just forget about the cookies. What i'm planning on doing is to install a PC-SPy program and monitor his activities next time he comes in. Anyone else got any other ideas?

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    may i ask? do you take screen shots on a regular schedule or did you do it becase you wanted to see what he was up to? if its the later youd be better off using slarty's gen control it uses rpc to start a vnc session without diplaying the systray icon. you could also install vnc on them all install the service and set it to manual start then psexec \\thebox net start winvnc. the server will start without diplaying the tray icon. periodic screen shots are a good idea only if you review them.

    what are you useing for screencaps?

    moxnix i thought you aroung that old by your name...nato, germany, circa 1970
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  9. #9
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    If you are going to go to the trouble of monitoring activities, don't you need to display a sign or something saying 'You may be monitored for security reasons' or similar, otherwise couln't you be sued for invasion of privacy...

    You could even be accused of stealing bank passwords etc.

    HTH
    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    anyone that would use a cc on a public computer should have it taken away by the cc company...theirs no patch for stupidity but ill betcha dollars to donuts the sign is already up.

    just because theres a folder named bugbear does not mean it contains the virus. he could have been collecting info on it...maybe he or someone he knows caught it.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides