Punkrulz
Somewhat eXPerienced
- Joined
- 24 Dec 2001
- Messages
- 790
I was hacked, in a sense. Apparently when I got home from work today, the very first thing I notice when turning on my monitor is that there is a new user account on the login screen: "IUSER". The person probably created the account to try and convince me that it's a Windows System account and that it's fine to keep there.
After logging into my machine, the second thing I notice right off the bat is that my nicely organized icons are now all merged to the left-hand corner of my screen... this is usually induced by a login of Remote Desktop Connect, and the host screen resolution is lower than the resolution the host is connected to. So right off the bat I'm checking my logs.
There are a whole bunch of instances where the tlntsvr - Telnet Service is started and stopped successfully. There are even more logs that state that there is a pending document deletion on 6MP HP Laserjet - Back on user (MGUEST), as well as (JASON)... What's funny? That printer name [as well as the other failed attempts' printer names] are the names of the printers at my old job, at the internet company. MGUEST and JASON: Two old co-workers, one still works there, other doesn't.
The other kick in the butt? There is an error about printing documents from the domain controller address for the DC at the internet company... I've got cold hard proof that the attack was done at my previous job. Now, I think that it may be possible for there to be an old login on an old machine that I used in the past that they may have gotten it... but 1) I don't think I've ever saved my password, and 2) I could swear both machines I've ever used there were formatted...
So in any case...
1) Is there any way of tracking the exact IP address, so I can help my old manager determine who it was [easier than how he's going to do it, computer to computer checking logs and ****]
2) Funny thing is they are now calling me to hire me back... but they are completely unrelated, just a coincidence... is there any way I can press charges? Sue, perhaps? I mean, while they may have had an easy way to get in, it was still wrong of them to enter my computer... sort of like entering a house with the door unlocked, it's still illegal...
Little help guys?