Keylogger

HannahT

I started with a new company not long ago, and this company did have a history of past employees that don't sound like the most honorable of people. The owner is a bit naive in the trust department. He got burned a couple of times. Sigh.

Anyway, from what I have heard it might be a good idea to check for keyloggers. I also suspect that one of the ex-employees may be forwarding all the company emails to his account - copies that is. They use Outlook. I'm the only one using the company at this point, and I want to be sure no fishy business is going on.

There is an Anti-Rootkit from Malwarebytes that might be a good shot at a start from what I'm reading.

Any suggestions would be appreciated!
 

chevyontheriver

I started with a new company not long ago, and this company did have a history of past employees that don't sound like the most honorable of people. The owner is a bit naive in the trust department. He got burned a couple of times. Sigh.

Anyway, from what I have heard it might be a good idea to check for keyloggers. I also suspect that one of the ex-employees may be forwarding all the company emails to his account - copies that is. They use Outlook. I'm the only one using the company at this point, and I want to be sure no fishy business is going on.

There is an Anti-Rootkit from Malwarebytes that might be a good shot at a start from what I'm reading.

Any suggestions would be appreciated!
I would go for a totally new computer, or at minimum a new clean installation of the operating system. That gets rid of any number of compromises a computer may have suffered.

A rootkit detector is most useful when starting with a known clean system. Good idea, but they typically only detect new root attacks and not old ones.

I would say go for the clean install of the operating system. Nothing less.
 

ewq1938

I would go for a totally new computer, or at minimum a new clean installation of the operating system. That gets rid of any number of compromises a computer may have suffered.

A rootkit detector is most useful when starting with a known clean system. Good idea, but they typically only detect new root attacks and not old ones.

I would say go for the clean install of the operating system. Nothing less.


Yes and there's a chance the OS has a restore partition and/or a way to burn a restore disk.
 

chevyontheriver

Yes and there's a chan[c]e the OS has a restore partition and/or a way to burn a restore disk.
Might work. Worth a try, unless, of course that too is corrupted by malware. Is a restore partition immune? I simply don't know.
 

HannahT

I would go for a totally new computer, or at minimum a new clean installation of the operating system. That gets rid of any number of compromises a computer may have suffered.

A rootkit detector is most useful when starting with a known clean system. Good idea, but they typically only detect new root attacks and not old ones.

I would say go for the clean install of the operating system. Nothing less.

I was going to suggest that AFTER we get past me trying to get his books in order. They are terrible right now. He had one loyal - dependable - employee when we started to build our retirement home there that did the computer work. She got sick and retired. Since then? No one could do QuickBooks for the business, and it shows.

We - the owner and I - swapped business owner horror stories over the last couple of years. He was one of our vendors we used for our home. (I closed my business to be caregiver for 3 family members..YES at once) He needed someone that knew what they were doing, and instead got unskilled - and I think he depended on a family member to train (didn't happen) - or a charismatic employee but not so honorable member of his team that got his fingers into things. That person is the one I'm worried about. He was fired.

I wanted to wait until the business year ended to start a NEW company file in GB so I didn't have to waste time and effort - and money - to fix what was broken already. Yet, in the meantime make sure the less than honorable past employee isn't taking advantage. After that? I'm the only computer and it's on me! Tax ending season is different than individuals. Fresh year - fresh install.

The owner - our friend and past vendor for our home? Zero computer experience, and he has got ripped off by more than one past employee. The man doesn't even have a computer on his DESK! (can he turn one on? I have no idea) lol naive trustworthy person? Yes. Good business person? He has the volume but needs the skilled employees to back him up. Then YES very! Yes, I'm trying to be general here. The decent employees he has - been with him for years - aren't on the computer at all. They are the ones that keep putting stories in my ears that the owner has confirmed. That was after they felt I was somewhat loyal - and knew what I was doing.

Past employee (the one that got fired) gave me the willies while building our home as well. So, it could be paranoia - I will admit. He tried to take advantage of us, and so I don't trust what he is capable of. I called him OUT, and the company lost money because of his tricks he attempted on us. Can you see where I'm coming from? I can see him taking advantage of things. Revenge, Sick Games? Whatever...yuck!

The owner will go with a fresh install if I recommend this. I want to see if I can find something now, and I know he would be curious to see if I did. The owner that is. Once new tax - and business year season starts? Yes, MOST definitely! I don't want to throw a wrench into things without cause first.
 

High Fidelity

Take your concerns to your boss and implore him to hire a cyber security contractor.

If either of those accusations are true then spending a few thousand isn't a big deal because it can likely be reclaimed in the ensuing lawsuit.
 

ewq1938

Might work. Worth a try, unless, of course that too is corrupted by malware. Is a restore partition immune? I simply don't know.

I think they are usually "locked" so no accidental deletions can happen but I think partition software can change partitions so not sure what current malwares can do and not do but if the tech department is any good they should already have burned copies of the restore software or even an image of the hard drive so a hard drive duplicator can be used which is the fastest way to get it all done.
 

chevyontheriver

I think they are usually "locked" so no accidental deletions can happen but I think partition software can change partitions so not sure what current malwares can do and not do but if the tech department is any good they should already have burned copies of the restore software or even an image of the hard drive so a hard drive duplicator can be used which is the fastest way to get it all done.
Sounds like a very small business with no tech department. And probably no computer security policies worth much. My guess would be that there will be all kinds of hacks on their computers, from all sorts of directions.
 

chevyontheriver

I was going to suggest that AFTER we get past me trying to get his books in order. They are terrible right now. He had one loyal - dependable - employee when we started to build our retirement home there that did the computer work. She got sick and retired. Since then? No one could do QuickBooks for the business, and it shows.

We - the owner and I - swapped business owner horror stories over the last couple of years. He was one of our vendors we used for our home. (I closed my business to be caregiver for 3 family members..YES at once) He needed someone that knew what they were doing, and instead got unskilled - and I think he depended on a family member to train (didn't happen) - or a charismatic employee but not so honorable member of his team that got his fingers into things. That person is the one I'm worried about. He was fired.

I wanted to wait until the business year ended to start a NEW company file in GB so I didn't have to waste time and effort - and money - to fix what was broken already. Yet, in the meantime make sure the less than honorable past employee isn't taking advantage. After that? I'm the only computer and it's on me! Tax ending season is different than individuals. Fresh year - fresh install.

The owner - our friend and past vendor for our home? Zero computer experience, and he has got ripped off by more than one past employee. The man doesn't even have a computer on his DESK! (can he turn one on? I have no idea) lol naive trustworthy person? Yes. Good business person? He has the volume but needs the skilled employees to back him up. Then YES very! Yes, I'm trying to be general here. The decent employees he has - been with him for years - aren't on the computer at all. They are the ones that keep putting stories in my ears that the owner has confirmed. That was after they felt I was somewhat loyal - and knew what I was doing.

Past employee (the one that got fired) gave me the willies while building our home as well. So, it could be paranoia - I will admit. He tried to take advantage of us, and so I don't trust what he is capable of. I called him OUT, and the company lost money because of his tricks he attempted on us. Can you see where I'm coming from? I can see him taking advantage of things. Revenge, Sick Games? Whatever...yuck!

The owner will go with a fresh install if I recommend this. I want to see if I can find something now, and I know he would be curious to see if I did. The owner that is. Once new tax - and business year season starts? Yes, MOST definitely! I don't want to throw a wrench into things without cause first.
Sounds like a mess. Do you have the QuickBooks backed up to some external drive? Or even multiple copies to multiple drives? If not, that is the very first step. QB and any other files the business absolutely depends on.
 

paul1149

A clean install is an excellent idea. If it's Win 10, you can just download the Win 10 installer and do it yourself. The factory recovery partition could theoretically be hacked, but it would be very unusual. Usually they go for what's already operating.

Before you do anything, make sure you have redundant backups of your data. You should have one or more local copies, and one in the Cloud is a good idea too. Then once you Reset or install afresh, you just install the programs again and copy back the data.

Or you can get a cheap computer and do your work on it until the older unit is reset.

Another idea is to take the machine in question offline.
 

nonaeroterraqueous

I agree with all of the advice given so far. As a rule of thumb, re-installation of the operating system is generally the most effective way to get rid of malware. I'd like to add a couple of considerations, though.

I also suspect that one of the ex-employees may be forwarding all the company emails to his account - copies that is.

You should consider the possibility of a server-level intrusion. If your company is small and had weak security restrictions, then it is quite possible that the ex-employee knows how to get at the emails through the server by way of webmail. It's a lot easier than trying to hack Outlook and make it forward copies undetected. Consider changing the email password(s). Access to an email account provides a plethora of opportunity for an attacker, especially as a means of gaining access to all manner of internet sites through resetting passwords in the dead of night, and then deleting the email notifications afterward, before you see them.

There is an Anti-Rootkit from Malwarebytes that might be a good shot at a start from what I'm reading.

Malwarebytes is an excellent company, but not every rootkit has a solution. Keep in mind that if you seriously think you have a rootkit, then you'll need to keep an eye open for evidence of automatic re-installation of that rootkit after you re-install the operating system. If that happens, then it could be hiding on the hardware, and the only solution may be a new computer, router, etc.

I'm not an IT professional. I'm just paranoid and I read a lot.
 
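An added example, not part of any post in the thread: one way to check the concern about copies of company email being forwarded is to list every rule in the local Outlook profile that forwards or redirects mail. It assumes the classic Outlook desktop client on Windows and is run in PowerShell as the user whose mailbox is being checked; it only sees rules stored in that profile, so forwarding configured at the mail server or through webmail has to be checked there, alongside the password change suggested above.

```powershell
# Added example: audit the local Outlook profile for rules that send mail elsewhere.
# Assumes classic Outlook desktop is installed (uses its COM object model).
$outlook = New-Object -ComObject Outlook.Application
$session = $outlook.GetNamespace('MAPI')

$findings = foreach ($store in $session.Stores) {
    # Some stores (archives, some shared mailboxes) do not expose rules at all
    try { $rules = $store.GetRules() } catch { continue }

    foreach ($rule in $rules) {
        # The three rule actions that pass incoming mail on to another address
        foreach ($kind in 'Forward', 'ForwardAsAttachment', 'Redirect') {
            try { $action = $rule.Actions.$kind } catch { continue }
            if (-not $action -or -not $action.Enabled) { continue }

            # Collect where the rule sends mail; fall back to the display name
            $targets = foreach ($recipient in $action.Recipients) {
                if ($recipient.Address) { $recipient.Address } else { $recipient.Name }
            }

            [pscustomobject]@{
                Mailbox     = $store.DisplayName
                Rule        = $rule.Name
                RuleEnabled = $rule.Enabled
                Action      = $kind
                SendsTo     = $targets -join '; '
            }
        }
    }
}

if ($findings) {
    # Any address here that the business does not recognise deserves a closer look
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No forwarding or redirect rules found in this Outlook profile.'
}
```

Keep a copy of the output before deleting any rule it reports, since it is evidence of where the mail was going.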