-
Yep - Oblivious might be on the right track there, your friend may want to do some serious cleanup on her PC - Trojan/Keylogger Detection and Removal, Virus scan, Malware cleanup, all that jazz. Then consider either downloading or purchasing a pretty good firewall and configuring it correctly...
-
Based on all of the above, make sure she changes the password from another computer, better yet, connected through another ISP. This will allow you (and her) to relax a bit while checking for malware (keyloggers, trojans and friends) on her computer.
About contacting the admin, I think you should do it. If you know the registered domain for the ISP, check it in http://www.networksolutions.com/cgi-bin/whois/ so that you can have some contact info. Usually you can just contact abuse@isp.com, but it's nice to have some other ways. I hope they will be helpful.
-
From the way she talks I am guessing she does not have any such programs on her computer.
Assuming that there are no little progs hiding on her computer, and she uses passwords like the ones that were mentioned earlier with letters and numbers and changes the passwords often, would that mean it is most likely the Admin or just a talented hacker?
-
The way I see it, given enough time, there is always a way around any program or device put in place for protection. Having the applications that were described installed on that PC would help, but nothing is 100% effective. If she was taking every safety precaution to ensure her security, then I guess it could be a corrupt admin (hopefully not likely), a misconfigured ISP allowing the 'hacker' access, or possibly a number of other things. I would have her contact her ISP directly and demand help - keep calling until satisfaction is achieved.
BTW, is she going to take any of these measures?
-
To be on the safe side, see if she can get to a new computer, change her new password there and then not use her computer for X amount of time to find out if there is something that none of your scans could bring up. Heck, there was just a new backdoor that was found that none of the AV programs could find. Just something you may want to think about trying. If she changes this on another computer and still has the problem, then you know the problem lies with either her admin or the email server. Have her give it a try and let us know what happens.
-
Without knowing the specifics of the configuration of the compromised system we can offer advice all day and still not answer the question. But reloading, using a new computer, and changing ISP is not a solution, it is an escape that should only be used if you can't fix the problem.
Maybe I am just old-fashioned, but the way I see it is, if you got compromised once, and you don't know how, you don't know how to fix it, and you don't know who did it, then reloading or getting a new computer or anything else you do is just delaying you being compromised again. The best thing is to use the tools and information available to you and find out the Who, What, Where, When, Why and How of the problem and fix it yourself. If a reload is necessary that is fine, as long as you understand what happened.