intruder alert? or am i just paranoid?

View Poll Results: I vow to cause harm to computers and the information contained therein

Voters
5. You may not vote on this poll
  • Sure, Spec!

    3 60.00%
  • No. I'm a by-product of web 2.0

    2 40.00%

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    8

    intruder alert? or am i just paranoid?

    Hello All:

    I have a PC running WinXPP directly on the internet. It is running the WinXPSP2 firewall and has all current updates. It is running FSecure AntiVirus 2006.

    Occasionally I find that the time has been set to one hour ahead. Or the date has been set to one day ahead. Also lately I have noticed that the IE cache size is being changed from 1Mb to 675Mb. These things do not happen daily, maybe every one to two weeks (and they don't all happen at once, just one at a time).

    Is there a virus or other malware that will do this? Or is there an intruder?

    If it is an intruder how do I go about capturing their IP address when the pc is unattended?


    Thanks,



    PS: There is no important data on the PC; it is just used for internet browsing.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    You shake your PC down for viruses and spyware? Try the online scans like Panda or Trendmicro for a second opinion.

    Not sure about the IE cache, but typically cache sizes will vary.

    The time issue: it's not typical of viruses and spyware to do that. Probably the CMOS battery. How old is that thing?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    Senior Member
    Join Date
    Nov 2005
    Posts
    316
    dreadnought0067,

    if you have a program running to bypass the windows validation check (or WGA as some people would call it), it plays around with the date in the bios which disturbs the date and the time in the system.

    as for the IE cache, you can reduce it from control panel>internet options.

    plus...what programs are you using to check for malware/adware?
    you are entering the vicinity of an area adjacent to the location.

  4. #4
    Junior Member
    Join Date
    Jun 2006
    Posts
    8
    I have FSecure running for antivirus, it is supposed to be running daily. FSecure has antispyware, but it isn't the best.

    The pc is a PIII 550, so it is getting old.

    As for the version of windows, it is a microsoft msdn version of winxpp.

    I specifically set the IE cache to one MB and it will increase itself to 675Mb. (this just seems really odd to me.)

    I am about ready to scratch the HDD and restore from my image backup.
    The early worm gets eaten by the bird.

  5. #5
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings


    Just to be sure, have you enabled AUTOMATIC SYNCHRONIZATION OF TIME? If yes, that might be the cause of your clock being set to a new time automatically.

    If you can, post a HijackThis log here. Be sure to remove your username from the log.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  6. #6
    Or even try replacing the battery on the MB, and see if that fixes the time/date problem. Like you said, the PC is old, so maybe the battery is on its last legs and needs a replacement.

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    As .:front2back:. suggests, the CMOS is generally powered by a small watch battery, usually a CR2032. Pretty easy to do.

    ...if you have a program running to bypass the windows validation check (or WGA as some people would call it), it plays around with the date in the bios which disturbs the date and the time in the system.
    You learn something every day. I didn't know that. There is a file that will disable WGA if you're willing to dig around. I haven't needed it so I can't remember the name of it.

    Wow, a 1 mb IE cache? That's pretty small. Try setting it larger, say 500 mb's to see if it keeps flipping to a larger size.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    One more thing: just because your clock got reset or the IE cache size increased on its own doesn't mean you pull out your backup and format and restore. Paranoia is good to a certain level because it keeps you on your feet and you might just spot an intrusion, but too much paranoia is like what you have said:

    paranoia deep destroyer
    Anyway, don't worry too much; get to know the cause of the problem, then get a solution out.

    cheers and be safe.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  9. #9
    Junior Member
    Join Date
    Jun 2006
    Posts
    8
    This system gets re-imaged quite often anyway - every time demo software expires.

    Replace the MB battery... I haven't had to do that in years. The last time I had to do that we were using those big lumpy black things (386/486 era).
    The early worm gets eaten by the bird.

  10. #10
    Member
    Join Date
    Jun 2004
    Posts
    37
    you reimage your machine to refresh your demo software?
