
Did I get hacked?

I turned on my girlfriend's computer this morning, and the Windows registry checker came up and told me that there was an error in the registry and that a backup version would be used. I okayed it and the computer restarted. Windows loaded and told me that it couldn't find a file that the registry was looking for. No problem, right? I told it to continue.

Windows then detected and reloaded my network card. Okay. Then Windows started:

* It loaded a Theme (Golden Age, if you're curious) that we've never used.
* Drive sharing was turned on (it had been off before) and both hard drives were shared.
* The documents list in the start menu was reset.
* Norton Antivirus and System Works had been disabled, and couldn't be started.
* I browsed through the My Documents folder and found suspicious temp files (e.g. temp files of old Word documents that had the word "Repayment" or "Pay" in the titles).

We're connected to a network: more specifically, we're sharing a DSL internet connection with a bunch of other people, people we don't know. We're running ZoneAlarm as a firewall; however, the default settings for ZA are high security for internet but only medium security for the local network, and that's what we were running. I don't really recall the specifics of these settings, except that the local setting was supposed to preserve sharing permissions or whatever, and clearly that's been compromised.

Basically, this is my mystery: did a malicious person, presumably on the network rather than over the internet, hack us, causing the registry problem and the other changes? Or was this an innocent registry corruption/error, and did Windows make all those peculiar changes (sharing my drives, changing my theme, etc.) when it repaired the registry? How can I tell? And if my computer was compromised, is there any way I can tell what was done, or accessed? And how can I prevent this in the future?

Thanks in advance for any helpful replies; I'm a bit out of my depth here.

 
Wow, that was an interesting transformation.

What I suggest would be to back up all your important documents to some other media (floppies, a CD-RW, etc.), then wipe and format your hard drive. Reinstall Windows.
Once Windows is installed, install your choice of virus scanner, update its definitions online, and ONLY THEN access your backup media.

If your complex or whatever uses NAT, then in all probability ZoneAlarm thinks that your NIC (which goes out to the Internet) is a "trusted device", and you have to manually configure it not to trust it.

Subscribing, if you have any other questions/issues.
 
Sounds like too many coincidences to be a "glitch". Then again, it may be possible that you just didn't notice some of the things until you started investigating?
With all of those changes, I think that somebody would have to be using some sort of remote admin program. Weird. Do the ZoneAlarm logs show any access from local IPs?
Weird, weird.
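As an added example (not from anyone in this thread), one way to answer the question about the ZoneAlarm logs: a small Python script that parses a firewall log and counts inbound hits on the Windows file-sharing ports, split by whether the source address sits on the local DSL segment or outside it. The comma-separated line layout, the sample lines and the 192.168.1.0/24 local range are all assumptions made for this example, not ZoneAlarm's documented format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log in a ZoneAlarm-style comma-separated layout; the field order
# (direction,date,time,src:port,dst:port,proto) is an assumption, not a documented format.
SAMPLE_LOG = """\
FWIN,2003/03/12,08:12:01,192.168.1.37:1043,192.168.1.5:139,TCP
FWIN,2003/03/12,08:12:03,192.168.1.37:1044,192.168.1.5:445,TCP
FWIN,2003/03/12,08:15:40,203.0.113.9:4711,192.168.1.5:139,TCP
FWIN,2003/03/12,08:16:02,192.168.1.37:1045,192.168.1.5:139,TCP
FWOUT,2003/03/12,08:20:10,192.168.1.5:1060,203.0.113.20:80,TCP
this line is garbage and is skipped
"""

# Ports used by Windows file and printer sharing (NetBIOS over TCP/IP and SMB).
SHARING_PORTS = {137, 138, 139, 445}

LINE_RE = re.compile(
    r"^(?P<dir>FWIN|FWOUT),(?P<date>[^,]+),(?P<time>[^,]+),"
    r"(?P<src>[^:,]+):(?P<sport>\d+),(?P<dst>[^:,]+):(?P<dport>\d+),(?P<proto>\w+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def inbound_sharing_hits(log_text, local_net="192.168.1.0/24"):
    """Count inbound connections to sharing ports, keyed by source address and
    split by whether the source sits inside local_net (the shared DSL segment)."""
    net = ipaddress.ip_network(local_net)
    hits = {"local": Counter(), "remote": Counter()}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dir"] != "FWIN" or rec["dport"] not in SHARING_PORTS:
            continue
        bucket = "local" if ipaddress.ip_address(rec["src"]) in net else "remote"
        hits[bucket][rec["src"]] += 1
    return hits

if __name__ == "__main__":
    for scope, counter in inbound_sharing_hits(SAMPLE_LOG).items():
        for ip, n in counter.most_common():
            print(f"{scope}: {ip} -> {n} inbound hit(s) on sharing ports")
```

Repeated inbound hits on ports 139/445 from one local address are what to look for; the outbound line and the garbage line are ignored by design.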
 
One more thought: if it had to restore an old, old copy of the registry, then it IS possible for this to happen.

Good point on the trusted zones with ZA.
🙂
 