CyberSnooping Filter: What, if anything, did houseguest do to my computer?
December 21, 2008 9:48 AM

Strange items found in Recent Documents folder make me wonder if a visitor has invaded my privacy and my PC! Can you tell me what they are and if I have cause for concern?

Recently I was gone for about two hours, leaving a visitor alone in my apartment- and I forgot to log out of Windows and internet before leaving.

Since it's relevant, let me say that this is someone I have not known for very long but already do not trust. (Yes, I know, leaving an untrustworthy person alone in my home is not a 'best practice'. It couldn't be helped, it's a family thing.)

This person knows a lot about computers; I do not. So I am hoping those in the know out there can help me.

While I was gone, they did use my computer to play a movie. But I wondered what else they did.

In the Documents listing on the start menu (which was empty when I left) there are now two items.

Both are Notepad documents: Client_Anonymous and Network_Anonymous [insert my name here].

These appear to be extensive logs / reports, full of dates and notations, but I don't know what they mean.

What would make these items appear in Documents... and why would someone be looking at them?

In the past, this person has said some things which made me wonder about spyware on my computer. McAfee and Spybot say there is nothing there. Should I be worried?

Other than NOT leaving unsupervised people alone with my system, is there anything else I should do to make sure that nothing is amiss?

posted by anonymous to Computers & Internet (8 answers total) 3 users marked this as a favorite

If you open them and post samples, you might give us more of a clue.
posted by flabdablet at 9:56 AM on December 21, 2008

Those are Yahoo messenger logs. If you have messenger he was most likely reading your chat logs.
posted by damn dirty ape at 10:03 AM on December 21, 2008 [1 favorite]

Also if you right-click on those files and click on Properties, you'll see the path they live in. It should read something like C:\program files\yahoo\yahoo messenger.
posted by damn dirty ape at 10:06 AM on December 21, 2008

Next time you have to leave an untrustworthy family member in your apartment (I know it's not your question, but I think that's the larger issue here) at the very least password-protect your computer. A determined computer-savvy person can get around it, but it's a deterrent. If he/she says anything about it, say something like "oops! I guess I left the password on! Sorry!".
posted by DMan at 11:37 AM on December 21, 2008

About the files: Look at the file properties [right click, properties] and see when they were modified and/or created. Do those dates coincide with the unauthorized use? If so, confront the person. Ask them, "Look, what exactly did you do on my computer?" They may not respond honestly, but it's enough for you to indicate that you're suspicious. Afterwards, tell them, "My computer is very private, it's best if you didn't use it again."

Windows often has an option to view recently accessed documents. Click start -> My recent documents. Does anything look amiss? You should only see files you've recently opened. If it's empty, and you haven't personally cleared the record (this requires a bit of digging to do) it means that your visitor was viewing documents, pictures, etc, and then tried to cover his tracks.

In general you're probably being paranoid. Lots of programs dump log files and the like into your My Documents folder. If it looks like gibberish to you, it probably also looks like gibberish to anyone else.

"this person has said some things which made me wonder about spyware on my computer"

I'm not sure what the person meant, only you know the context, but if you want to scan for spyware I recommend Spybot and Adaware.

You should also dig through the Add / Remove programs option under Control Panel to see what if anything has been installed recently. It's always good to remove unknown or unused programs anyway. I like PC Decrapifier for automating this process.

"McAfee and Spybot say there is nothing there. Should I be worried?"

McAfee is crap. Uninstall it and get a better anti-virus scanner such as AVG.

"is there anything else I should do to make sure that nothing is amiss?"

You'll never know absolutely what this person did. It's best to password protect your computer in the future.
posted by wfrgms at 12:44 PM on December 21, 2008
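
The checks described in the answer above (file dates, Recent Documents, recently installed programs), as an added PowerShell example that is not part of the original thread. It assumes PowerShell is available on the machine; the time window is a constructed placeholder to be replaced with the hours the computer was unattended.

```powershell
# Added example: list traces of activity that fall inside a time window.
# The window below is a constructed placeholder; set it to the hours you were away.
$Start = Get-Date '2008-12-20 18:00'
$End   = Get-Date '2008-12-20 20:00'

function Test-InWindow([datetime]$t) { $t -ge $Start -and $t -le $End }

# 1. Shortcuts Windows wrote to the Recent Documents folder during the window.
#    A .lnk is created or rewritten when a document is opened from Explorer.
$recent = [Environment]::GetFolderPath('Recent')
Get-ChildItem -LiteralPath $recent -Force -ErrorAction SilentlyContinue |
    Where-Object { Test-InWindow $_.LastWriteTime } |
    Select-Object Name, CreationTime, LastWriteTime

# 2. Files under the user profile created or modified during the window.
Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   ((Test-InWindow $_.CreationTime) -or (Test-InWindow $_.LastWriteTime)) } |
    Sort-Object LastWriteTime |
    Select-Object FullName, CreationTime, LastWriteTime

# 3. Programs whose uninstall entry records an install date inside the window.
#    InstallDate is an optional yyyyMMdd string, so entries without it are skipped.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.InstallDate -match '^\d{8}$' } |
    Where-Object {
        $d = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
        $d -ge $Start.Date -and $d -le $End.Date
    } |
    Select-Object DisplayName, InstallDate, Publisher
```

Created and modified times only change when a file is written, so a file that was merely opened and read shows up in the Recent folder check rather than the profile scan. An empty result is not proof that nothing happened, since timestamps and Recent entries can be changed or cleared.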

"In the past, this person has said some things which made me wonder about spyware on my computer. McAfee and Spybot say there is nothing there. Should I be worried?"

That sort of suggestion coupled with recent suspicious activity (and possible reading of chat logs) sounds to me like he planned to put a keylogger on your PC and pre-developed this amorphous idea of "spyware" to insulate himself from suspicion. I know nothing about this guy, his level of tech savvy, or his intentions, but for a reasonably smart person who was absolutely untrustworthy it doesn't strike me as that far-fetched.
posted by Inspector.Gadget at 5:55 PM on December 21, 2008

I'll add to the good advice you've already received by repeating a computer security mantra:

If an untrustworthy person has had physical access to your computer, it is no longer your computer.

While there are some obvious things you could check (i.e. AdAware and Spybot) you should assume that:

1. He could have accessed any document on your computer, whether or not it's shown in Recent Documents.
2. He could have your passwords for websites, online banking, email, or anything else your computer knows the password for. He could have any personal information (bank account numbers, etc.) stored on your computer.
3. He could be monitoring your computer or accessing it remotely at any time.

So if you do anything at all personal or private with that machine, I'd suggest the following:

1. Check for sneaky hardware devices.
2. Save all documents you want to keep to a backup device such as a USB drive.
3. Reformat the disk and re-install Windows.

Maybe you don't want to go that far--if nothing personal is on the computer, or if you really do trust this person--but it's the only way to ensure that your information is safe.

Of course, the above steps are 100% pointless if that person will ever be left alone with the computer again. If that's going to happen and you can't prevent it, I'd suggest you get in the habit of carrying a USB drive, storing any private documents on it, and using portable Firefox for your browsing.
posted by mmoncur at 9:59 PM on December 21, 2008

As a Windows tech for 6 years, I must say that, unfortunately for you, mmoncur is 100% right. Your decision is: is it worth a complete reformat/reinstallation of Windows? Because that's the only 100% way to know that there are no data-stealing utilities on there. I don't know how much it would cost to have done (back up your data, format the hard drive, reinstall Windows, reinstall your programs, replace your data, reinstall any hardware peripherals) but on the bright side: fresh Windows install, handy tips from the tech, and mostly, peace of mind.
Or you could use tools available for download (or even pay a tech) to try to find anything the visitor may have put on there.
It's a bad position you're in, and I hate it for you. But it's a learning experience.
Always remember, if a determined knowledgeable person has physical access to the computer, passwords won't stop them.
And you should change all your passwords to your online financial sites. And again after the computer is rebuilt.
posted by atm at 12:49 PM on December 22, 2008
