hammerjammer
07-12-2003, 10:24 PM
i have a GREAT new 2-part problem for you guys:
1] in removing the RiveraGoldCasino spyware/malware from one of my systems, i somehow made windows delete the account profile for that system. the administrator account is perfectly intact, but PORT4 does not even show up in users, has no folder in Documents and Settings, etc. wierd thing is, you can still log IN as PORT4. what happens when you do this is windows CREATES the PORT4 account (documents and settings folder and all). then when you log out, it disappears just as quickly. Just for now, i didn't consider this much of a problem because whatever monkey business the people who use this public, coffeehouse kiosk-style system do to this account doesn't save when i log it out and literally everything is wiped out. this includes all the spyware and malware and toolbars and all that BS they download, as well as all the wierd settings and backgrounds and homepages they seem to want to put on it. which brings me to the second part:
2] this guy came in last night and spent four hours downloading kiddieporn and also is apprently the head of a Yahoo Groups club that swaps kiddieporn as well as trolls various underage chatrooms searching for prey. the owner of the establishment and i looked over the URLs he visited, and the files he downloaded, etc... and she plans on calling the local police on monday. we've got the guy's name and drivers license info (which we collect when we rent the kiosk-computers to customers; problem is in the meantime, the account has now been logged out, thus removing all traces of the creep's activity. i doubt that there's been any deleting, just the account is gone so all paths to the files/folders are unaccessable.
Norton Ghost was unable to find the data, as was a few other programs i tried.
any ideas?
HJ
1] in removing the RiveraGoldCasino spyware/malware from one of my systems, i somehow made windows delete the account profile for that system. the administrator account is perfectly intact, but PORT4 does not even show up in users, has no folder in Documents and Settings, etc. wierd thing is, you can still log IN as PORT4. what happens when you do this is windows CREATES the PORT4 account (documents and settings folder and all). then when you log out, it disappears just as quickly. Just for now, i didn't consider this much of a problem because whatever monkey business the people who use this public, coffeehouse kiosk-style system do to this account doesn't save when i log it out and literally everything is wiped out. this includes all the spyware and malware and toolbars and all that BS they download, as well as all the wierd settings and backgrounds and homepages they seem to want to put on it. which brings me to the second part:
2] this guy came in last night and spent four hours downloading kiddieporn and also is apprently the head of a Yahoo Groups club that swaps kiddieporn as well as trolls various underage chatrooms searching for prey. the owner of the establishment and i looked over the URLs he visited, and the files he downloaded, etc... and she plans on calling the local police on monday. we've got the guy's name and drivers license info (which we collect when we rent the kiosk-computers to customers; problem is in the meantime, the account has now been logged out, thus removing all traces of the creep's activity. i doubt that there's been any deleting, just the account is gone so all paths to the files/folders are unaccessable.
Norton Ghost was unable to find the data, as was a few other programs i tried.
any ideas?
HJ