I'm not putting my ss# on my computer. He keeps on getting the passwords for my school account and my school account has all my info on it, which he printed out.
ZoneAlarm is a good idea. You can have it report all attempts at inbound traffic.
You also need to make sure that you turn off your NIC when you don't need to be using the network.
Has he tried to use your info to do anything? Could you set him up to steal some planted info?
If someone watched my machine with a key logger they would have my SSN. I have entered it onto forms for internet banking and such.
That may be the ticket. A bank account, with almost no money in it. Would he try to steal it? The feds are very fond of that action.
Hold on, he is stealing the info from the school's server, then that means that the school's server is not secure, which is probably a violation of more than a few federal laws, if not state laws also. I would contact school officials also, and let them know. Servers that are storing sensitive data should be locked up tighter than Fort Knox.
as an it dude in higher ed, the school could ABSOLUTELY get raked over the coals if this is the case. i can't tell you specifics but we almost got in trouble for something along the lines of keeping our stash of tums in the wrong cabinet...
anyways, this is serious, and if he has access to school records on a school machine, then he has access to *everyone* not just you. in this case, you MUST advise both the school as well as the authorities, and i'd do my best to get my hands on a copy of whatever he printed out.
this is no joke man. any evidence you have now, unless you can prove he put a keylogger on your machine (which is what it sounds like), is purely circumstantial. incredibly strong evidence mind you, and plenty to make a case on, but something tangible would seal the deal.
also, get in touch with the local newspaper.
nothing lights a fire under a gov't worker's arse like publicity!!
USD's school network was broken into via print server at the beginning of the year. Anyone on federal work-study had their information stolen, everything from everyone except one thing: SS#s.
A few weeks ago my girlfriend received a notice from the California Tax Board stating she owed $360+ in fines and unpaid taxes. It had stated that she was working for a company near San Jose during her enrollment at USD, and had made over $4,000 in earnings requiring her to file for taxes. All the information was correct from the W-4 form they had sent her aside from the SS#. While we can't say whether or not it was taken from the school and used, it certainly puts up some red flags.
This tax claim was obviously bogus, as she'd only made around $500 in the period of time from Sept. to Dec. - the period she was in school that year. On top of that, the Federal Work-Study program is already government money, they cannot tax the earnings made because it essentially works the same as a grant would...the difference being you earn the money through work on campus.
Suffice to say it is causing much stress, concern, and headache on her end. She now has to go to the countless effort of proving that she didn't work for this company, and that her information was somehow taken and put on the W-4 form reporting these false earnings.
Make sure that you smack this guy down, for me. Friend of a friend or not, he's still acting maliciously with the intent of selling information to the highest bidder to create strife in some poor soul's life.
i'd say ruin the dude's life right now because he is messing with ur SS, with that you can do sooOOOO much man... i've got credit card fraud like 3 times because someone from my work stole my ss..they can do a lot with it...so i suggest going to the authorities..i can understand everything cept messing with someones social number..identity theft is a biatch and it will be hard to prove...just wait till someone opens up a cc account then goes onto alienware and buys a 5k laptop
Logfile of HijackThis v1.99.1
Scan saved at 2:08:57 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\program files\seekmo\seekmo.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\telnet.exe
C:\Program Files\Ethereal\ethereal.exe
C:\Program Files\Ethereal\dumpcap.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.njit.edu/
N3 - Netscape 7: # Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the browser is running,
* the changes will be overwritten when the browser exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/
user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
user_pref("browser.startup.homepage", "http://www.njit.edu");
user_pref("browser.startup.homepage_override.mstone", "rv:1.4");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("signon.SignonFileName", "84560002.s");
user_pref("timebomb.first_launch_time", "1084559983500000");
user_pref("wallet.SchemaValueFileName", "84560002.w");
user_pref("browser.helperApps.neve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo Search Assistant Helper /fleok=1D8A83A5C7E2147A9BAD75760EA83FA5EF80752B94E3D9765C7A46203FC3 - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/142e341da300a2e57e18/netzip/RdxIE601.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: IBM AFS Client (TransarcAFSDaemon) - Unknown owner - C:\Program Files\IBM\AFS\Client\Program\afsd_service.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe