Rootkits

You are currently reading a thread in /g/ - Technology

Thread replies: 122
Thread images: 9
File: permissionsWTF.jpg (574 KB, 1753x2317)
Looks like my computer has one. Most likely person is a network administrator who's been stalking me. Should I contact the police immediately or try to remove my personal data off the machine first? Haven't had to deal with this before. I really don't want to have to reinstall Windows 7 and everything else.
>>
File: WTF2.jpg (3 MB, 3294x1950)
I should add that my computer always has anything related to remote access disabled immediately after the installation of the OS.
>>
>>52332041
Well, your personal data probably has already been copied / stolen. Police won't really do fuck all... So either way, you're fucked.
>>
I don't get it, how does this indicate a rootkit?
>>
>>52332513
>I should add that my computer always has anything related to remote access disabled immediately after the installation of the OS.

What OP is saying, is that someone has a back door into his computer which is shown by all the permission stuff.
>>
Yeah, call the police, they'll get right on it.
>>
>>52332041
>using windows
>freaking out because of rootkits
are you retarded or what?
>>
>>52332068
After a clean install you shouldn't be affected.

Unless your hardware is compromised
>>
>>52332452

Thanks for the useful advice. I guess I'll go kill myself now.
>>
>>52332564

Exactly. Thank you for explaining it better than I could.
>>
>>52332564
It looks like those permissions are default though, judging by my own PC's permissions for that object
>>
>>52332582

He's been monitoring me for a while and the last time the police told him to leave me alone--and he hasn't stopped.

If you can suggest another solution, whitehat or blackhat or otherwise, share your knowledge.
>>
>>52332655

It's such a pain but probably the only solution. Thanks.
>>
>>52332707

I change all the defaults after setup.
>>
>>52332655

Can it be determined if the hardware's fucked without reinstalling?
>>
What got a network administrator to stalk you? Is all your personal information on that machine? Like others said, if you indeed have a rootkit, it's already compromised. Boot from another media with a live USB or whatever, copy what's important somewhere, making sure not to grab executable files, then perform a clean install.
>>
>>52333469
What I don't get is that rootkits are SERIOUSLY rare on Windows systems after Vista. Almost impossible to pull off without very advanced, NSA level trickery. If their only evidence is permissions on a file changing then that's not... much
>>
>>52333604
It's still a reason to believe his system is compromised. If something changed a [I think it's a system file] file's permissions to "Everyone", it sure wanted free access to it from elsewhere.
>>
You could boot a Linux live CD and use that to back up all your data (that way they can't continue to contact your PC) and then call the police if they might have stolen anything harmful. Otherwise backup your data, change all your passwords and reinstall Windows (maybe clone the hdd as evidence)
>>
>>52333109

The hardware is most likely not impacted. theoretically it may be possible, but there are so many different types of hardware. the common malware just runs on win32, maybe win64, that's it.
>>
>>52333469

I'm a femanon who rejected his much older married-ass's attempts to fuck me.

He didn't listen when I said no the last time we saw each other so I told his wife that he was cheating on her. Abusing the permissions he has due to his netadmin status at the company where we both worked he then monitored me for a couple months, read my emails, etc (and the company does not monitor their employees online as part of their SOP) and mailed a disturbing, threatening letter to me to home.

This all happened over three years ago and the guy is still watching me. It's really creepy.
>>
>>52333815

Thanks. Are there any screenshots I could post which you'd find informative to be able to tell me more?
>>
Another solution is to not use Internet, just stay standalone and you'll be just fine OP
>>
>>52334141

I'm on a completely different system and ISP to be online atm.
>>
>>52334063
Sorry to hear that. That type of thing is depressingly common enough that there are specific laws against it in some countries now. If you're not in one of those countries, you know what to do.

What they say above is legit. He's very very probably not good enough to infect hardware: outside of proofs of concept that is literally NSA tier.

Win 10 is actually safer there, bizarrely enough. It makes a rootkit's job fucking hard. But first thing to do is grab a known clean, pressed, CD-ROM boot disc. Linux or Windows. Clean install that shit. Don't back up any executables. That includes MS Office files that may have macros, or PDFs. And pull the LAN plug before you do it.

Any other machines on your network should also be suspect, as should your router, and your phone. Serious talk: check for cameras.

Stay safe, hun. I've been stalked, I know how it feels. You can fight this. - fellow femanon
>>
Just to clarify. When you say my computer do you mean a company computer that you use or your home computer? I'm asking because how did a system administrator even get access to your computer?
>>
>>52334583
Few simple ways, potentially?: figure someone might work from home, an attacker could feed them a trojaned VPN client? Know their name? An attacker could try to find their Failbook/etc, guess email, spear phish from there?

So that's the kind of thing you need to be looking out for, I guess.
>>
>>52334583

Which one of my posts are you referring to?
>>
>>52334576

I'm in Canada.

The whole home network has been off--unplugged and disconnected--for a while. My Windows tower I built without a wireless card on purpose. My Linux machine has the wireless disabled and isn't online via Ethernet since everything is down atm because the modem is offline. My phone uses a different ISP entirely and is never used on any wireless networks.

I appreciate your reply and advice. Thank you.
>>
File: ab.jpg (185 KB, 800x640)
Reformat
>>
>>52334875
The computer being discussed is a:
a) work issued computer
b) personal computer that you purchased yourself or received as a non-work related gift

Your dodging of the question makes me think this is a work issued computer.
>>
>>52335120

If I format just the drive with the OS and not the other drive where I store my files would that work? Or should I pull out the data drive entirely before formatting?
>>
>>52333109
if the hardware was compromised you wouldn't be in this position because there wouldn't be any evidence
>>
>>52332041
you sound like a bikeshedding retard op.

no you dont call the police, you call your IT department. and you read/agreed to the terms of service. if you don't like it, you can just quit, and not have a job for a while.
>>
>>52334063
>fem
ahh, ok. so instead of coming up with a rational explanation, like this could be a blanket corporate policy, you want to be treated differently because you have two X chromosomes?

nobody cares about your ugly ass enough to monitor what you do, unless, of course, you have given the business probable cause to monitor you because you committed something related to fraud
>>
>>52335219

The first incident involving the email and letter occurred on a work computer (mine and his).

The most-recently discovered stalking (he clicked on an IP-logging link I'd posted to FB) was just involving him on his work computer--it's to the same government-owned static IP address from a few years ago. This possible rootkit issue would be on my home computer.
>>
>>52334875
bitch, does the business own the computer or do you own the computer, it's a simple fucking question.

you already answered it by dodging it though, the business owns the computer, and they can do whatever the fuck they want to it
>>
>>52335289

As in he'd be able to completely cover his tracks? Or he would have had to physically interact with my computer's hardware somehow?
>>
>>52335381
a home computer meaning a work computer that was brought into your home? because that's still a work computer, and they can still do whatever the fuck they want with it.

you, on the other hand, cannot do whatever the fuck you want to do with a work computer. that's why you're supposed to not be a cheap bitch, and buy your own personal macbook pro.

how did you even get this job, you seem pretty stupid right now
>>
>>52332041
>I THINK MY COMPUTER HAS A ROOTKIT
>CALL THE PO PO
>>
>>52332068
nothing out of the ordinary here. bitch be trippin
>>
>>52332068
normal SCCM tasks. (IT admin 7 years)

are you having a psychotic break?
>>
>>52332722
You install a linux like a sane person.
>>
>>52335276
Scan it with some bootcd before and unplug it while reinstalling just in case. Rootkit shouldn't be on it but check if it didn't pull in any other crap. Be sure to format the os drive properly.
>>
>>52335329

If you'd read my posts you'd know that when the stalking started he and I worked for the same company and he was and is the netadmin there.

Telling his boss and my boss did absolutely nothing. I'd even warned them I was worried about this right after the rape happened and still they did nothing. I also said that my workplace did not monitor that staff's computer activities--there was nothing signed agreeing to surveillance.

But all of that was years ago and I don't work there anymore. However the static IP address he's stalking me on social media with these days is the same government-owned one that he used before.
>>
>>52334063

Chances are you're probably lying you stupid cunt. Fuck off.
>>
>>52335373

My response to the post above yours will clear up your misunderstanding.
>>
>>52335573
you aren't being stalked.

>>52335589
you aren't being stalked.

you are just trippin
>>
>>52332659
>I'll go kill myself now
this is nice rootkit

Why don't you examine the bytecode? Maybe you could find out something about what data was stolen. IF data was stolen.
>>
>>52335402

I said it involves a personal computer and I clarified that issue above. No reason to be rude to me just because your reading comprehension is terrible.
>>
>>52332041
Get a Mac. There's a good chance that script kiddie won't be able to fuck with it as long as you're not fucking retarded enough to give it to him.
>>
>>52335658
>get a virus from her horse porn website and pirated software

>le conspiracy, it must be the person at work who hates me because i'm this important

illusions of grandeur

do you have children? do they use the computer?

did you get a virus? really? are you sure?

do you know what the advanced persistent threat is? do you know what a botnet is?
>>
>>52335426

Home computer meaning computer in my house that I built myself that uses the home network I have set up via a residential Internet plan.

Do you understand now that the computer referenced in my post has nothing to do with any workplace?
>>
>>52332041
Run a kamikaze linux USB, backup important stuff, dont backup useless stuff, reformat.
Get rid of USB.

Want to go full paranoid? get rid of your HDD, firmware rootkits are a thing.
>>
>>52335705
ok bud
>>
why are you fucking idiots replying to this thread as if its real? i mean holy shit normal windows installs dont even have those options to view.

if anything this is simply a work computer, end of fucking discussion and you are all fucking tools
>>
ITT the fucking mongol who does run random .exe files not even knowing what it means
>>
>>52332784
A windows update probably changed them back. Windows is GARBAGE after all.
>>
>>52335720

How does Kamikaze fare compared to Kali?
>>
>>52335732

>if anything this is simply all made up

somewhere on /b/ there is a troll thread

>you roll dubs go to /g/ and pretend to be rootkitted
>if it's trips pretend to be a gurl while doing it
>>
File: 1443885398355.jpg (171 KB, 1024x768)
Upload the rest of what's left of your data and we will tell what has gone missing.
>>
>>52335778
oh jeez oh jeez oh jeezz

lmfao

well, for one, if you can manage to use kali, you should probably be working for the CIA or the NSA or MI5, because that means you're the most 1337 hacker of all time
>>
>>52335053
You sound completely batshit.
>>
>>52335785
of course its made up, and all of the fucking high school kids flock to retarded geeksquad threads like this to try and act smart.

op at least took a picture of the screen and posted it instead of taking a screenshot, so i will give him credit for playing the role well.
>>
>>52335773

I know it is. I'd go strictly with Linux but it doesn't have everything I need to use and do for university.
>>52335768
>>
>>52335822
>my job
>now suddenly in university
confirmed for troll, or someone we don't want to help
>>
>>52335822
Run windows in a virtual machine
>>
how about you go shit up the quora forums with this dumbass question since you don't trust any of the valid answers you've gotten here

(you aren't being stalked, you're just trippin)
>>
>>52335814

And you sound like you're going to die alone and unloved because nobody can stand being around an asshole like you.
>>
>>52335817

op should have posted a picture of some lady from tumblr with her clams out
that would have had a better response rate
>>
>>52335849

Try reading the thread since you're confused and talking nonsense.
>>
>>52335872
Ironically my girlfriend is pushing for me to engage

You say it as if I'd care about dying alone anyway

zozzle
>>
>>52335872
bitch you better start picking out a cat to match your wallpaper, because nobody is gonna marry a conspiritard cunt like you
>>
>>52335870

I said thanks to everyone who gave useful feedback and will be leaving this thread shortly to try some things out.
>>
>>52335872
O SHIT O SHIT O SHIT
that nigga now the australian bush land cause, holy fuck he just got burrrrrnt!
>>
Logic (from the Ancient Greek: λογική, logike)[1] is the branch of philosophy concerned with the use and study of valid reasoning.[2][3] The study of logic also features prominently in mathematics and computer science.
Logic was studied in several ancient civilizations, including Greece, India,[4] and China.[5] In the West, logic was established as a formal discipline by Aristotle, who gave it a fundamental place in philosophy. The study of logic was part of the classical trivium, which also included grammar and rhetoric. Logic was further extended by Al-Farabi who categorized it into two separate groups (idea and proof). Later, Avicenna revived the study of logic and developed relationship between temporalis and the implication. In the East, logic was developed by Hindus, Buddhists and Jains.

Logic is often divided into three parts: inductive reasoning, abductive reasoning, and deductive reasoning, none of which, the OP seems to have.
>>
>>52335914

It's cute and sad that you assume that all women care about is marriage.
>>
File: face.jpg (275 KB, 1000x1000)
>>52335960
>>
>>52335942

Found the philosophy major.
>>
>>52335879

Damn. And there won't be a next time either. Oh well.
>>
>>52335981
found the plato subscriber
>>
>>52335999

Actually it's Zapffe.
>>
i am legend
>>
>>52336009
found the philosophy major (see what i did ther)
>>
>>52335981
actually it's mathematics and computer science, you know, something challenging and prestigious?
>>
you have mental illness

install psychiatrist
>>
its 2 l8 4 u op

i hav ur noodz

pasting on faacebook rite now
>>
>>52336042
*kickflips bowler hat*
>>
>>52336080
>bowler
fucking trash. I'll have you know I only wear the finest traditional wide brimmed fedoras.
>>
>>52336027

Close but not quite.
>>
File: 1370139269503.png (95 KB, 295x237)
>>52336061

>not psychiatristoo

damn anon, you had one job
>>
>>52336042

Cool! I'm studying Law. : )
>>
>>52336166
o i am laffing
>>
>>52332041
Why would a rootkit bother to change permissions for that (or at all)?
>>
>>52335573
>Telling his boss and my boss did absolutely nothing. I'd even warned them I was worried about this right after the rape happened and still they did nothing
Isn't he in jail then?
>>
>>52335573
define "rape"
>>
WTF happened to this thread

Go back to /r9k/ you sad fucks
>>
>>52336890
>>
>>52335634
this tbqh
damage control is quite important
>>
File: 1414389285622.jpg (99 KB, 375x500)
>>52332722
ask anonymous for help
they'll start a tweetstorm and ddos his boxes
>>
>>52334063
>I'm a femanon
>so I told his wife that he was cheating on her
inb4 victim blaming but why didn't you talk this through with someone trustable like a friend or a fucking lawyer?
If you haven't done that yet do it right the fuck now.
>>
>>52332041
Use a tinfoil hat you fat fuck
>>
>>52332722
If that's a computer owned by the company you work for, fuck right off. Doing any personal business or having personal data on your work machine is unbelievably stupid and will in your case probably get you fired.
>>
>>52336178
>implying lrning2argue is difficult

nobody cares, fedora
>>
>>52336411
no because she is lying about everything and just trying to get out of doing work
>>
>>52334063
doubt anybody wants to fuck a fat neckbeardetteo like yourself
>>
>>52334063
he wasn't cheating on his wife. he perhaps wanted to cheat on his wife, but he did not.

someone who's studying law, supposedly, would know that.

nice troll attempt, but your entire story is unraveling
>>
>>52332041
Anonymous login is used by the system and for services. Things such as Kerberos, attempts to reach a DC, expiring passwords, and service accounts doing their job will trigger an anonymous login. If you check your logs this will usually be filtered under 0xo, 0xe, 0x18

For rootkits and general botnets you need to be more worried about your network traffic.
>>
>>52336593

he got on an elevator with me and I felt uncomfortable
>>
>>52334063
>rejected his attempts to fuck me
>whenever he was nice to me I would snap back and feel like I won that one
>>
what a fucking tech illiterate faggot you are, OP. I've been sysadmin for 10 years and you must be one of the biggest faggots lately I've witnessed.

Number of things can change windows permissions, namely winshit's updates.

By all means, go to the police. You'll end up getting charged yourself because of your stupidness. I'm really sorry for your coworkers that they have to put up with you.

This has to be a bait. Ugh I hope so.
>>
>too paranoid to use wifi
>photo instead of screenshot
>uses windows, does not want to format
kek
>>
>>52332041
Do you mean a network admin at your work?

Is this a work machine?
>>
>>52342042
yeah seriously, formatting is a part of the windows experience, my disk could die tonight and I'd be back at full capacity tomorrow.
>>
does GMER turn up anything? can't remember if that's what i used to use or if there's something better out now, but otherwise you might want to chalk it up to windows updates not giving a shit.

alternatively, set up a bridge with a packet sniffer?
>>
>>52333815
>theoretically it may be possible
Stop it, just fucking stop.
>>
>>52334063
please be in London
>>
>>52332659
well, you can find out who did this first, and take him with you.

I don't know if there are easy tools for this, but you probably can track this guy down.
>>
File: 1328420401063.jpg (55 KB, 340x310)
>>52334063
>and the company does not monitor their employees online as part of their SOP
>>
>>52336178
wasting your time. change to something useful while you can.
>>
>>52343876
I know right. It's like saying the government won't monitor me because it's against the law
>>
Install a firewall. Block everything but your browser.
Thread DB ID: 390035


