Investigation/cleaning of remote machine

Discussion in 'other security issues & news' started by blackfox, Aug 29, 2013.

Thread Status:
Not open for further replies.
  1. blackfox

    blackfox Registered Member

    Aug 28, 2013
    United Kingdom
    Hi there,

    I'm not sure if I'm posting this in the most appropriate place; let me know if that's the case.

    I'm basically looking for some advice and hope a few of you might be able to shed some light or offer advice - or even recommend a more appropriate forum.

    I have a friend who has a Windows 7 machine which could potentially have a multitude of problems, which relate to an ex-boyfriend who is harassing her and threatening to disclose large amounts of private data to her friends and family. I'm yet to have a look at it, but the main areas of concern are the following:

    a) Potential key logger
    b) Potentially has access to all online accounts (Facebook, email, etc.); passwords were changed but that didn't help
    c) Potential remote access / back door
    d) Potential access to mobile phone

    He has been able to produce personal emails, threatening to send copies to all family and friends - one person has confirmed this is true and been sent copies.

    He has turned up at her house saying he knew who was inside and what was being talked about - again she has confirmed what he repeated was actually correct.

    He has also managed to read or gain access to text messages from her phone.

    I'm waiting to hear back through a third party (not getting her to contact me in any digital way) regarding a list of questions I have about hardware, software, phone type, etc. and specific examples of timings and what exactly has been happening. It all sounds quite complex, and the kicker is the following:

    a) She lives in a different country
    b) I have no physical access to the machine at all

    Both of these make it impossible to just blow the machine away and rebuild. Also, it would be good to find any evidence at all to connect the dots.

    Once I have an idea of what software and hardware I'm dealing with, I'll get her to do a sight check for physical key loggers and any other anomalies.

    This is where I'm stuck. I'd like to monitor the machine for file changes, logs, etc. and maybe a sniffer to see what's happening on there over a time period for potential FTP connections or anything odd before I jump in and try to pinpoint rogue files/services, install firewall, AV, etc.

    All of which I'll need to do remotely :(

    So I'm just trying to prepare before she gets back to me and make sure I've got a plan in place.

    Does anyone have any ideas, experience or even recommendations on best practices for this type of scenario?

    *NOTE - the police have been informed; they advised they can only assist if he turns up at the house again. They can't take any action on everything else he's been doing at this stage.
  2. Cudni

    Cudni Global Moderator

    May 24, 2009