Forum Settings
       
Reply To Thread

Some Techie help please. (was forum=28)Follow

#1 Apr 07 2008 at 2:30 PM Rating: Good
I have a question to pose to those of you who are versed in PC's:

How would someone be able to wipe all passwords across my office PC? What the hell are they doing to this computer?


Backstory: We have been cracking down on crap being viewed/downloaded/visited on our office PC. We have enabled a block on all non-essential websites, for those who do not have the level of adminastration needed here.

These kids were visiting MySpace, Vtunnel, You Tube etc, and viewing/downloading/copying ****, dowloading music etc., etc.. And bringing massive pop ups and virus' with each visit to some of these websites and various proxy sites.

Now we were successful in enabling the block and it lasted for about a month, and was still working on Saturday. But I came in yesterday morning to find, every single password wiped from the system. Even the passwords for our websites where wiped.

We were succesful in enabling the block again, but it is effecting the rest of the local network here.

What the hell did these kids do to this computer? Anyone know what they'd be plugging in to this PC?

I'm not computer literate, far from it. All I know is that this PC is a Compaq, with a Yamaha CD/DVD drive, and running on Windows XP. It's a fairly old comp running on a Pentium 4.



If you would know what they are doing, even a remote idea, please let me know. Thank you.^^
#2 Apr 07 2008 at 2:31 PM Rating: Decent
TECH SUPPORT FORUM!
#3Smasharoo, Posted: Apr 07 2008 at 2:32 PM, Rating: Sub-Default, (Expand Post) [b]
#4 Apr 07 2008 at 2:50 PM Rating: Decent
You are the kind of person most people at this forum hate. The illiterate IT guy who wants all fun to stop

Edited, Apr 7th 2008 6:50pm by Planks
#5 Apr 07 2008 at 3:11 PM Rating: Decent
The appropriate way to get a techie's help is to post this same post into a thread titled: HAY USAGI DESU DESU inside.

Edited, Apr 7th 2008 7:11pm by Araxius
#6 Apr 07 2008 at 3:13 PM Rating: Good
Planks wrote:
You are the kind of person most people at this forum hate. The illiterate IT guy who wants all fun to stop

Edited, Apr 7th 2008 6:50pm by Planks


It's not usually that the IT people want the fun to stop, it's that the companies don't want to pay their employees to do things that are personal in nature, and don't benefit the company at all. That said, I guess I should get back to work.
#7 Apr 07 2008 at 4:12 PM Rating: Decent
Worst. Title. Ever!
*****
17,302 posts
Now, when you say wiping all the passwords, even ones on your websites. Do you mean saved username/passwords for logging into various things?

That'd be an easy one. Basically they found out that you are trying to track their personal business while using the office computer, so they just cleared cache, deleted personal info, etc. to try and get rid of any evidence of where they might have gone.

Not only does clearing out the history, cache, etc, remove the easily seeable traces of where someone went, it also deletes stored username/password information.

Trying to play IT guy and block access on a computer when the people using the computer know more about it than you, doesn't quite work.

You could always do what our IT guy does to the few computers on our factory floor. Go into internet options, click the use proxy box, fill it out with bogus info. Modify the hosts file to deny access to the most popular slacker sites.

Of course, these are basic things that are easily undone by the knowledgable. If it's an office computer, people can/will sit down at it for hours to undo what ever you do to try and block access. Ours are on the factory floor, where supervisors can easily see if anyone is standing around at a terminal for too long (used only for production data recording once you finish a job).


One question for the more knowledgable out there. If you set up a computer with ICS, is it possible to make all the computers networked to it, accessing the internet through it, to use that computers HOSTS file? If possible, you could make it a computer that has very limited access, and block the sites there, not allowing any other computer that uses that network to connect to certain sites, regardless of what they do with their own HOSTS file?
____________________________
Can't sleep, clown will eat me.
#8 Apr 07 2008 at 4:49 PM Rating: Decent
NaughtyWord wrote:
TECH SUPPORT FORUM!



I didn't even know this forum was on this website. OoT, is an out of topic forum as the name suggests. Which leading those, such as I who didn't know about the Tech Forum, would utilize. >.>
#9 Apr 07 2008 at 4:56 PM Rating: Decent
Planks wrote:
You are the kind of person most people at this forum hate. The illiterate IT guy who wants all fun to stop


We, being my immediate supervisor and myself, being a supervisor myself are the kind of people who would like to be able to use the internet too. Without having to worry about pop-up after pop-up of ****, or having to worry about virus' stealing personal info. >.>

You, judging by your reply, seem to be like these damned kids. Who think something that doesn't belong to them, is theirs. Which leads them not to do their job, and ***** around all day forcing people like me to do more work, for barely more pay. If that's what you're implying?, than so be it. Enjoy living at home with mommy and daddy your entire life.

And how does literacy have anything to do with computer knowledge?

Reading comprehension, does not eqaute to computer comprehension.

Might I suggest you brush up on your literacy before saying I have none?


>.>

Edited, Apr 7th 2008 7:01pm by Nuhnisgodly
#10 Apr 07 2008 at 5:09 PM Rating: Decent
Worst. Title. Ever!
*****
17,302 posts
Nuhnisgodly wrote:
And how does literacy have anything to do with computer knowledge?

Reading comprehension, does not eqaute to computer comprehension.

Might I suggest you brush up on your literacy before saying I have none?



Ummm.

Nuhnisgodly wrote:
I'm not computer literate, far from it.


I'm pretty sure he did not mean reading literacy, just as you did not. No need to make a mountain out of a mole hill. You shouldn't use a term in a certain context, then try to flame someone else (regardless of how much of a jerk he/she may be) for using that same term in the same context.


On subject: Hire a real IT guy, or if you can't find one, get one of these 'kids' that know more than you.

Edited, Apr 7th 2008 9:10pm by TirithRR
____________________________
Can't sleep, clown will eat me.
#11 Apr 07 2008 at 5:25 PM Rating: Decent
Thank you for your reply. ^^

TirithRR the Mundane wrote:
Now, when you say wiping all the passwords, even ones on your websites. Do you mean saved username/passwords for logging into various things?


Yes. We have a block on to filter our websites. And also the passwords on the websites here.


TirithRR the Mundane wrote:
That'd be an easy one. Basically they found out that you are trying to track their personal business while using the office computer, so they just cleared cache, deleted personal info, etc. to try and get rid of any evidence of where they might have gone.



We have caught them doing this numerous times, and the virus' and pop-ups were the reason we caught them deleting the histories. Basically the admin block was an attempt to force them to stop. Even though they kept deleting the histories, we were just having too many problems on the local network and this PC to ignore it any longer.

TirithRR the Mundane wrote:
Not only does clearing out the history, cache, etc, remove the easily seeable traces of where someone went, it also deletes stored username/password information.


See I don't understand why they do this everytime. They spend so much time trying to cover up their tracks, yet I can use Yahoo or Google to do the same, with no effort. I use Yahoo everyday to stop anyone from seeing what I have viewed, it doesn't show up in the history at all.

TirithRR the Mundane wrote:

Trying to play IT guy and block access on a computer when the people using the computer know more about it than you, doesn't quite work.


Yeah, I'm not the IT guy, I'm just the enforcer of it, lol.


TirithRR the Mundane wrote:
If possible, you could make it a computer that has very limited access, and block the sites there, not allowing any other computer that uses that network to connect to certain sites, regardless of what they do with their own HOSTS file?


We have a company regulating our internet, we have MySpace completely blocked off from any computer access here at our station. Of course Vtunnel will still allow access to it.


Thank you for your reply^^



Edited, Apr 7th 2008 7:30pm by Nuhnisgodly
#12 Apr 07 2008 at 5:26 PM Rating: Decent
TirithRR the Mundane wrote:

Ummm.


I know, I'm giving him crap for being an a$$ about it.

If it throws him, then I'm happy.
#13 Apr 07 2008 at 5:28 PM Rating: Decent
TirithRR the Mundane wrote:
On subject: Hire a real IT guy, or if you can't find one, get one of these 'kids' that know more than you.


We have one, but he is currently out of town and won't be back for quite some time.

He does have the ability to shut the internet off at anytime from anywhere, in this building. Which he did yesterday, but he won't be able to see what's actually going on with this PC til he gets back. ><
#14 Apr 07 2008 at 5:36 PM Rating: Decent
Worst. Title. Ever!
*****
17,302 posts
Nuhnisgodly wrote:
TirithRR the Mundane wrote:
Not only does clearing out the history, cache, etc, remove the easily seeable traces of where someone went, it also deletes stored username/password information.


See I don't understand why they do this everytime. They spend so much time trying to cover up their tracks, yet I can use Yahoo or Google to do the same, with no effort. I use Yahoo everyday to stop anyone from seeing what I have viewed, it doesn't show up in the history at all.


Oh, it does, just not necessarily in the drop down bar. People can find and see exactly what you are searching for in Yahoo/Google.

The drop down bar only records URLs that are typed into it. The actual history records all sites visited, regardless of whether or not it's typed into the address bar or accessed from a link in a forum/search egine.

There are even records of all the data you input into various text fields on websites. These are stored under Internet Explorer's "Auto Complete" by default, even if it doesn't auto complete them.

Your computer records plenty of things that you don't readily see. Clearing cache, history, and other personal data (options that are easily available on other clients like Firefox and Opera) removes a lot of this hidden, stored data. Most people, when using these options, just choose the "Everything" option to try to get the most data cleared. This clears stored users/passwords as well.
____________________________
Can't sleep, clown will eat me.
#15 Apr 07 2008 at 5:48 PM Rating: Decent
TirithRR the Mundane wrote:
Oh, it does, just not necessarily in the drop down bar. People can find and see exactly what you are searching for in Yahoo/Google.

The drop down bar only records URLs that are typed into it. The actual history records all sites visited, regardless of whether or not it's typed into the address bar or accessed from a link in a forum/search egine.

There are even records of all the data you input into various text fields on websites. These are stored under Internet Explorer's "Auto Complete" by default, even if it doesn't auto complete them.

Your computer records plenty of things that you don't readily see. Clearing cache, history, and other personal data (options that are easily available on other clients like Firefox and Opera) removes a lot of this hidden, stored data. Most people, when using these options, just choose the "Everything" option to try to get the most data cleared. This clears stored users/passwords as well.


Yeah, I knew it was stored somewhere, just didn't know where :P. But fortunately for me, I am a very honest person and always admit what I have visited. So maybe that's why no one has told me I couldn't use the internet as well. That and my immediate supervisor, is barely more computer literate than me, lol.

Maybe that is how they disabled the block in the first place, and then did it again after they visited the websites they wanted too.

My immediate supervisor had an idea that they plugged in something with Firefox on it, to record the password for the block. And then proceeded to disable everything, essentially a "backdoor" if I caught what he was saying correctly. But idk.
#16 Apr 07 2008 at 6:09 PM Rating: Decent
Bump, to actually see what's been posted. Dumb internet. ><
#17 Apr 07 2008 at 6:12 PM Rating: Decent
Worst. Title. Ever!
*****
17,302 posts
Nuhnisgodly wrote:
Bump, to actually see what's been posted. Dumb internet. ><


Nothing's being posted, it's just a forum fluke. There is a copy of the original thread before it was moved, that doesn't really exist, that a few replies were made in. Those replies get counted at the forum view for this thread, but not displayed in this thread.
____________________________
Can't sleep, clown will eat me.
#18 Apr 07 2008 at 6:19 PM Rating: Decent
TirithRR the Mundane wrote:
Nuhnisgodly wrote:
Bump, to actually see what's been posted. Dumb internet. ><


Nothing's being posted, it's just a forum fluke. There is a copy of the original thread before it was moved, that doesn't really exist, that a few replies were made in. Those replies get counted at the forum view for this thread, but not displayed in this thread.



ROFLMAO!

See what I mean about being computer illiterate? I suck at it, I just know how to operate it, lol. :P
#19 Apr 07 2008 at 6:27 PM Rating: Excellent
Avatar
******
29,919 posts
Easiest way to crack that on a non domain PC (which I suspect this is) would be to just boot it to a knoppix CD or something and delete the password store entirely.
____________________________
Arch Duke Kaolian Drachensborn, lvl 95 Ranger, Unrest Server
Tech support forum | FAQ (Support) | Mobile Zam: http://m.zam.com (Premium only)
Forum Rules
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 42 All times are in CST
Anonymous Guests (42)