-
March 28th, 2004, 08:05 PM
#1
Need your help mates...fast
Hi all....
I really need to know how to retrieve cookies that were just cleared from internet options.
I'm suspecting someone of being a hacker who is trying to zombify one of the computers in my Internet Cafe. I allowed him to use a USB flash disk. I took screenshots of some of the screens he had opened because they were suspicious. He had an Explorer-type software which was showing him the details of the C drive...and on the other side it was showing his USB drive which in it had some programs a hacker would carry with him. I'll give more detail later on including screenshots.
Thnx for your help
-
March 28th, 2004, 08:40 PM
#2
Hi Cyber......
What OS are you running?
Why cookies? I would have thought trojan/backdoor/keylogger, given that they had physical access.
Also, if the cookies are really gone, how can they be of any harm?
The screenshots would be interesting
Cheers
-
March 28th, 2004, 09:17 PM
#3
IIRC Windows stores cookies as text files, so an undelete utility might work.
If this is the case, the fewer writes to the hard disk the greater the chance of recovering the files, so make sure the machine is switched off.
Take out the HDD and then use another machine to work with it.
Norton Disk Doctor could be your friend.
Hope this points you in the right direction.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
March 28th, 2004, 09:22 PM
#4
Running WinXP Home Ed.
Well he had a folder called BugBear Virus...
A little research on BugBear shows that it's a mass mailing worm, which drops a backdoor on the infected computer and allows the hacker to get into the infected machine through a GUI.
The reason why I asked for the cookies is because he went and deleted them for some reason (maybe he didn't want anyone to see where he went?). He did visit some websites though...that weren't suspicious at all (music and shows).
Attached is a screenshot of the program that he was using.
It could be nothing but it's a little bit odd seeing a 60 year old man with Viruses in his USB drive. What business would he have screwing around with my computer?
-
March 28th, 2004, 09:32 PM
#5
http://www.theabsolute.net/sware/dskinv.html
or
http://www.pcinspector.de/file_recovery/UK/welcome.htm
I have PC-Inspector installed here and you can definitely restore cookies. You can even restore them to another directory for inspecting or archiving.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
March 28th, 2004, 09:38 PM
#6
It could be nothing but it's a little bit odd seeing a 60 year old man with Viruses in his USB drive.
I have got to get a couple of those usb drives.
If you were to explore my backup CDs, you would find several folders that contain various viruses and trojans I have collected. Most of these I have been moving to floppies for increased security, but I collect some of them for future study (future because I don't feel I know enough to explore them yet).
And I am 57.
As for deleting cookies, if I were using someone else's machine, I would delete all cookies and history (including all offline content) as I cleared off their machine. Simple security (privacy) policy.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
March 28th, 2004, 09:41 PM
#7
-
March 28th, 2004, 09:45 PM
#8
May I ask? Do you take screen shots on a regular schedule or did you do it because you wanted to see what he was up to? If it's the latter you'd be better off using slarty's gen control. It uses RPC to start a VNC session without displaying the systray icon. You could also install VNC on them all, install the service and set it to manual start, then psexec \\thebox net start winvnc. The server will start without displaying the tray icon. Periodic screen shots are a good idea only if you review them.
What are you using for screencaps?
moxnix, I thought you were around that old by your name...NATO, Germany, circa 1970
-
March 28th, 2004, 09:52 PM
#9
If you are going to go to the trouble of monitoring activities, don't you need to display a sign or something saying 'You may be monitored for security reasons' or similar, otherwise couldn't you be sued for invasion of privacy...
You could even be accused of stealing bank passwords etc.
HTH
Steve
-
March 28th, 2004, 10:00 PM
#10
Anyone that would use a cc on a public computer should have it taken away by the cc company...there's no patch for stupidity, but I'll betcha dollars to donuts the sign is already up.
Just because there's a folder named bugbear does not mean it contains the virus. He could have been collecting info on it...maybe he or someone he knows caught it.