Thief
Last response: in Windows 7
Hello,
my pc (windows 7, 64 bit) has been hacked by a professional thief by connecting my pc to his laptop and....?????... no idea what he did.
how and where can I see how he got into my system (log files etc ??). can I verify that he hacked the pc - I know the exact time when it happend....
thanks
my pc (windows 7, 64 bit) has been hacked by a professional thief by connecting my pc to his laptop and....?????... no idea what he did.
how and where can I see how he got into my system (log files etc ??). can I verify that he hacked the pc - I know the exact time when it happend....
thanks
More about : thief
ricno said:
How did this happen? The thief was physically at your computer? How did he connect your PC to his? Network cable?yes - I had my webcam on (motion detection), the monitor was off, so he did not see that a picture is taken. he was in front of my pc and connectedt his laptop to my pc - but how (network ? usb ? ) etc I don´t know. that´s what I want to find out.......
no idea what software to hack he used or any kind of backdoor? just not my field....
karl
Could have been either one. If he never went behind your computer then it was probably a USB connection as thats the only one found on most computers. Not sure of what tools are available, was the PC locked with a password he doesn't know? Might be time to reload windows and take some extra security steps. (disable guest account, turn off remote registry and remote access. Log on as a non admin, etc.)
Related ressources
- Thief 3 Graphic issue - Forum
- Thief mobile - Forum
- Thief 2 corrupt on window xp how can i fix it ? - Forum
- Thief 3 - Deadly Shadows Crashes in Audale - HELP!! - Forum
- Thief 3 deadly shadows - Forum
karl_21 said:
yes - I had my webcam on (motion detection), the monitor was off,Was the webcam on the computer that was attacked? It was powered on during this? The simplest way to access information on a computer with physical access is to boot from a CD, which then allows the attacker to take any information.
This was in your home or at the office? Was other things stolen or just your computer attacked?
it was at home, nothing else was stolen...... of only interest was the pc and the data.
the pc was on (otherwise the motion detection would not work), but monitor was off and pc was secured with my administrator password.
in the event log it only shows that the pc was rebootet and a usb was connected - so, probably he connected his laptop to my pc via usb and booted from his laptop, right ? but that´s our guess, no way to verify that (booted from cd or so ?), hmmm
thanks so far
karl
the pc was on (otherwise the motion detection would not work), but monitor was off and pc was secured with my administrator password.
in the event log it only shows that the pc was rebootet and a usb was connected - so, probably he connected his laptop to my pc via usb and booted from his laptop, right ? but that´s our guess, no way to verify that (booted from cd or so ?), hmmm
thanks so far
karl
karl_21 said:
it was at home, nothing else was stolen...... of only interest was the pc and the data.First I would say that this is a matter for the police. Second, are you having information on your computer that is of real value to anyone else, like running your own business or keeping sensitive company files at home?
If this thief actually broke into your home just to access your computer it must be something of real value, and you should act as if ALL of your data now is in the hands of someone else.
Also, if this thief entered with the sole purpose of accessing this information he was most likely equiped with a bootable CD that bypasses your ordinary operating system security. In such a situation I do not think a thief has the time to start "hacking" your computer, as in looking for weakness in missing patches or guessing passwords.
If he has physical access the "best" way would be to boot to something else, than transfer the data though USB to his laptop. If this was the way it was done then there will be no trace at your computer, other than it restarted.
Can you see the time between the shutdown and the restart in the Event Log?
for me, the event log is somehow confusing:
I get (in the right order)
winlogon
bonjour service (4x)
winlogon
desktop window manager
IJPLMSVC
bonjour service
windows error reporting
in another field of the event log:
USER32
Winlogon
service control manager (2x)
WinddowsUpdateClient
EventLog
service control manager (4x)
UserPnp
service control manager (3x)
DHCPv6-Client
service control manager (3x)
Dhcp-Client
service control manager (3x)
everything is documented by the time this was done.
when I came home (together with the police, pc was shut down) and he said he did nothing to my pc, only had his laptop there.....
I get (in the right order)
winlogon
bonjour service (4x)
winlogon
desktop window manager
IJPLMSVC
bonjour service
windows error reporting
in another field of the event log:
USER32
Winlogon
service control manager (2x)
WinddowsUpdateClient
EventLog
service control manager (4x)
UserPnp
service control manager (3x)
DHCPv6-Client
service control manager (3x)
Dhcp-Client
service control manager (3x)
everything is documented by the time this was done.
when I came home (together with the police, pc was shut down) and he said he did nothing to my pc, only had his laptop there.....
karl_21 said:
everything is documented by the time this was done.
when I came home (together with the police, pc was shut down) and he said he did nothing to my pc, only had his laptop there.....
The thief was caught by the police?
And your PC was shuted down when this happened? I still think that the thief entered your home, inserted the CD, connected the USB cable and then restarted. After this there will be no trace on your computer, but any information could have been transfered.
Has the police looked at his laptop to see if any information is from your computer?
karl_21 said:
he said he did not touch my pc, that´s why I have to proove it and from the event log I know he did it........If you have a picture from the webcam with him at a certain time and also can see in the eventlog that the computer was shutdown at the same time, then parhaps that could be proof.
However, I do not even have a guess what these digital evidences is worth in a legal way.
Please update the thread and tell us how it went.
^+1.
Is it this? http://en.wikipedia.org/wiki/Bonjour_%28software%29
If so, do you have iTunes,etc installed? If you do, then this is most likely caused by iTunes.
All the stuff you listed in Event log are normal. Really isn't much you can do.
Agreed. At least that's what any tech savy person would have done. Linux Live CDs are some powerful tools you know, esp. BT.
Quote:
bonjour service (4x) Is it this? http://en.wikipedia.org/wiki/Bonjour_%28software%29
If so, do you have iTunes,etc installed? If you do, then this is most likely caused by iTunes.
All the stuff you listed in Event log are normal. Really isn't much you can do.
Quote:
I still think that the thief entered your home, inserted the CD, connected the USB cable and then restarted. After this there will be no trace on your computer, but any information could have been transfered.Agreed. At least that's what any tech savy person would have done. Linux Live CDs are some powerful tools you know, esp. BT.
Related ressources:
- ForumThief 3 On windows 7 64bit.
- ForumHelp: Thief 3 Crashes before entering Auldale (after Cradl..
- ForumThief gold install xp
- ForumThief Gold no longer work on any of my XP boxes
- ForumI cant remember the name of a thief game
- Forumthief 2, blackmail mission:...is that a bug?
- ForumThief 2 and XP Problems
- ForumMulti Class Fighter/ Thief
- Forum[Solved] Product key for windows 7 professional 32 bit free
- More resources
Read discussions in other Windows 7 categories
