spysubtract (intermute)

[Sm0kinP0t]

As for unwanted content on your computer, i.e. child porn, you are better off not knowing any illegal content

I understand what you were trying to say ( kind of: if you don't now it's there, it can't hurt you ), but there have been court cases where it was proven that the computer was own3d by a third party on a DoS, and that the real owner had nothing to do with it, thus being cleared of any charges
( this could be a great theme for a discussion with the more forensics users here on AO, how to know that the offender didn't fake the infection himself to seem innocent - but I leave that to you guys ).

And that being said, if you do have illegall content (child porn f.ex.), you could always go to the Tec. Division of your local police (if they have it) and report the situation, helping them to trace (via logs) the stuff back to the real bad guys... that's what I would advise.

[jenniferaloette]

You guys are amazing and I thank you for all suggestions! I'm anxious to hear from tiger shark, I sent the file. Going to bed now. Thanks again!

[brokencrow]

I'm not so sure that's bad advice, although it may indeed be. I do think there's one standard for men, and another for women, so our poster may well have an advantage.

I got involved in shutting down a child porn site a couple of years back and found out I could well have been arrested at any point. I turned the registrant's full whois over to the state highway patrol in his resident state and they emailed me back, asking me who this person was! Chit, I gave them his address and phone number, along with a link to his site, and they want to know who he is?! I also turned it into a child abuse site and never heard a word from them. I made two mistakes: one was saving a screenshot of the site, and two, calling the registrant and confronting him.

The first was a mistake because possession of child pornography can subject you to arrest, for whatever reason and whether or not you had anything to do with putting it there. There are numerous cases of do-gooders arrested for possession of child porn and ending up in federal court (usually those are found not guilty but it's going to cost you a lot of money).

The second was a mistake because, interestingly, the largest purveyor of child porn in the US is...the United States Postal Service! I've heard this from numerous law enforcement officials and academia. So I may have unwittingly interfered with official police business without even knowing it. Leading people into temptation may be good business, but it makes for bad law.

I found the whole experience so convoluted that I just go the other way now. I have nothing to do with child porn sites, and I prefer to have nothing to do with enforcing laws against them. The laws for computer crime are poorly written and even more poorly enforced. And there is so much porn on the internet it's ridiculous. Often there's no telling where it comes from and under what circumstances. I'm more than happy to help law enforcement officials, but not at the risk of subjecting me to arrest.

Jennifer, if you want to know what pictures are on your computer, you might download and install Google's Picasa software, which I do believe will search out all the pictures on your computer and make them viewable. If there is pornography on your computer, you have every right to be offended. I do not know the full circumstances of what's going on in your world, but I do know people often overreact.

I wish you all the best...

[nihil]

Jennifer ,

Might I suggest that you adopt a cautious approach at this point in time?

What you have is an anti-malware product that has stored stuff in its temporary files (probably its "quarantine"?)

Now, that suggests that it did its job and intercepted stuff it considered malicious. So that stuff never got through to the system itself?

Please do not misunderstand me, I am not saying that "everything is OK" or trying to lull you into a false sense of security. I just feel that you should stand back and think this through.

As has been suggested, there are various ways in which this stuff can get onto your machine. Not all of these would require someone at your location to be using it.

There are various history files on your computer of which Windows and your browser are probably the most significant.

If I found evidence in those I would be far more concerned, as they indicate the connections that "worked" rather than those that were blocked.

If there is nothing in your history files, this could be due to your windows/browser settings, or it could be that someone is making an attempt to cover their tracks. So if your settings are to keep 14 days history and there is none, you would appear to have some sort of problem. If you have the expected history and there is nothing questionable there you are probably OK as to selectively edit those history files would take a considerable degree of skill.

In the meantime, I would strongly suggest that you turn your machine OFF when it is not in use, and only connect to the internet when you need to. Not only will this save you money on your electricity and reduce fire risks, it will make your machine far less attractive as a "bot" ( a machine controlled by a remote third party).

Just a few thoughts

[Tiger Shark]

Jennifer:

The file excerpt you sent me indicates that the file is some sort of history of malware, (any kind of content that is less than beneficial to the owner of the computer), that has been removed or intercepted. I can tell this because it documents the keys in the registry that it found or intercepted before they alter the registry. The example below implies that something was intercepted trying to alter the registry:-

H K C U S o f t w a r e \ M i c r o s o f t \ W i n d o w s N T \ C u r r e n t V e r s i o n \ W i n d o w s C = S Z : e x p l o r e z . e x e ; S E T = S Z

I found numerous indications of either the interception or removal of trojans, (not the contraceptive - "Trojan Horses" - programs that purport to be helpful or good but that are actually bad), and Browser Helper Objects, (which is one of the most common ways to introduce spyware to your computer). I'd say two things about that. Firstly, having seen the Hijack This log I'd say that the spyware application you are using is doing quite a good job of protecting your computer - that's a good thing. Secondly, you need to sit down with the entire computer using portion of your family and discuss your surfing habits... Unless you have had this computer for several years you seem to get an awful lot of crap removed or intercepted indicating less than "safe surfing", (lots of "Free" sites, games sites etc. is usually going to get you stuff you don't want).

Ok... On to the crux of the issue... The Porn... You can relax and I believe you owe hubby a nice big hug. You can relax because the "child" porn you suspected isn't child porn. It's exactly what I expected to find. The references I found did imply young, underage girls by using such terms as "teen" and "lolita". This points to the fact that you have never surfed the internet for porn yourself. Had you ever done so you would know that about half of the porn sites out there _claim_ to be using teens as models... They aren't... in fact most of the models have more wrinkles than me... But they like to dress them up young to attract us "nasty" men...

I believe you owe hubby the hug because, unless you have tons and tons more examples of pornographic sites in the remainder of the file(s), there doesn't seem to be any indication of long term or regular "abuse" on the part of anyone in your family. The percentage of the file that might point to that is far too small to be of concern and almost certainly occurred without the users knowledge or as a simple "one time" curiosity thing.

Hope that helps.

[jenniferaloette]

Tiger Shark - Thank you for the encouragement. I am sending you a private message if you have the time...
Brokencrow, nihil, SmOkinPOt - you are all right. There are many factors involved...20 year marriage, 4 kids...I'm not sure what all this says about me but it's a lot more than I wanted to know about "him".
If anyone knows the answer to this:
Could these files/info have survived the destructive recovery I did on 3/24/06? Is there a way to look for other remnants if so? I was assured that nothing would still be there...feeling pretty dumb.

[jenniferaloette]

P.S. By "remnants" I mean ANYthing - not just this garbage - that would let me know that some data came through....

[Tiger Shark]

Jennifer:

If your "destructive" recovery involved a CD-ROM that came with the computer for "recovery" then yes, absolutely, these data files would most probably have survived. Usually, these recovery disks just re-install the operating system and any applications that came with the computer originally. In this case additional data files will go untouched.

Another reason why I'll state they survived is that the number of trojans etc. that appeared in the file fragment you sent me indicates one of two things. Either you are picking up trojans several times a day during your surfing or that the activity is from a long period. Unfortunately, if there are any dates in there they are encoded and I can't see where exactly they would be so I can't _prove_ my theory that this file contains data over several months but my experience in this field does lead me to believe so.

[morganlefay]

just a thought...

I have 4 kids also....2 of mine...2 of my sweeties ranging from 8 to 12

They are at the age where they are very curious about sex...to say the least....

And...I have found evidence of porn sites on thier computer.

Take Tigers advice.....have a talk with the whole family about appropriate internet use, and how going to inappropriate sites...not only compromises the secuity of your computer....but there will also be consequences ...like no computer access.....and ...how it is logged and that you can find it.

I warned the kids that if I find this again...that there will be no internet access....period

That was over a year ago....and the behaviour stopped.

BTW...I have seen many an adult blush when working on thier computer

Just thoughts

Geez....I even browsed porn just to see what all the hype was about

MLF

[jenniferaloette]

Thank you Tiger Shark. I didn't use any recovery disks, I used the utility in the computer that supposedly reformats from the hard drive. Does that change your opinion?