Windows 10 How do I guarantee that the registry hasn't been changed or inherited settings and changes in Windows 10 Pro?

DanielHostetler1

So I had been working remotely with an East Coast-based company that required me to connect using a VPN. After having some issues with configuration settings not staying as set, I contacted their help desk to see if we could troubleshoot the issue. In the process of attempting to diagnose the cause, the Help Desk tech proceeded to access a hidden server share connected with my system, and in doing so I was able to see that they had taken a complete copy of my files and folders from my personal computer. It took me a moment to realize that is what I was looking at, and when I reacted to what I was seeing, he quickly shut the share and then proceeded to act like it didn't happen and wouldn't respond to my questions.

I immediately logged off their server and shut my computer down. After a few days, I made a duplicate copy of the drive and all contents and then wiped my drive completely and installed a new version of Windows 10 Pro from the Microsoft site using a USB drive. However, I would immediately connect my personal Windows profile, and that would immediately connect my cloud storage. I also would connect my Gmail accounts and sync the information that I was having backed up on Google Drive. I used to be a lot more comfortable with the Windows registry but have slowly lost what I knew since I last used it daily around the release of XP. Based on the information I have gathered and discovered using a different tower and the copy of my drive, I know that the intrusions, access and policy settings that had been installed and added to my system went far beyond a VPN setup and were there for purposes that they had no authorization or right to make to my system. During the investigation I came to suspect that the configurations they made were, for lack of a better description, self-healing and replicating. That has caused me to be incredibly concerned and somewhat paranoid that when signing onto my Gmail and Windows accounts I unknowingly opened the door to them again and that there are settings and changes that have happened that I haven't discovered as of yet. As I said, the backend of Windows 10 is so much more robust and so much has changed that I don't know what to look for or how to determine if registry keys that I'm seeing are normal and correct or if they have been changed or added beyond the normal changes.

I'm not seeing the level of odd events that I had been prior to doing a completely fresh build of the OS, but there are some events that have happened and keys I'm seeing that cause me some concern. However, I am so hyperattentive and paranoid that I know I could be inventing things in my head that are totally normal.

This brings me to the motive for the post. Is it possible to set up software or a configuration utility to self-repair and then hide to avoid discovery or reveal its presence for anyone not sophisticated or knowledgeable enough to notice abnormalities? What should I look for, use or know to deal with a malfunction or abnormal event? I am fully prepared to be told I'm just really paranoid and there are no issues or ways that type of intrusion could be maintained without giving off the signs, so I prepared for that. I'm just tired of not having a firm answer. Any feedback, help, ideas or solutions would be and will be helpful and VERY appreciated.
