Originally Posted By: eddie1261
Richard, go to the EVENT LOG and you can see who connects and when. As far as "turning the internet off", the best they can do is disable the network card, but they would have no way to reconnect the next day to enable it, so that one there you would have to provide more details for. I did a great amount of black hat hacking in my day and know a lot of tricks.

If they turned her internet off and by that you mean her interface from her internet provider dropped link, then someone at the spammer end had to social engineer his way into the provider and posing as her have them shut the service off.

This often goes much deeper than just them calling. The social engineering part often plays a bog role.

As far as Team View installed in 2007, the spammer didn't do that.

Remember these people shotgun dial. Nobody came after her specifically. She was the next number on the robodialer.


Eddie,

Too late for the event log, we've retired the PC. Still have it, but prolly not worth going into, unless something else happens.

Before we go any farther, I want to be sure we understand one another. I am not the hacker or tech that you are, but I've been building and configuring my own PCs and networks for a good while. I read about six feet worth of books from cover to cover and took an A+ Certification class to get to that point. I can't do a lot of things that you and others can, but I can understand what you're talking about. Please accept that I also know of what I speak and am reporting events accurately, to the best of my memory. 'Kay?

So when I say they turned her internet off and back on, that's exactly what I mean. When they called her back the day before I saw her they said that her internet was back on, and it was. No social engineering--she knows better. Her son and my wife's former boyfriend taught her well. She'd just hang up before touching a thing.

I know that Team Viewer wasn't installed in 2007--it was a current version. Neither you nor I have any idea who did. Whoever it was took great care to hide it deep in a TEMP directory AND changed the file date. Give me credit for thinking to look.

This wasn't random. These people were screwing with her, her PC, and her internet service. I might give one coincidence a pass, but not this many. (And, as I said, there was more which I can't recall; this was last fall.)

She is now running a Win 8.1 PC that is less than one year old and as secure as I know how to make it for an everyday user. If the slightest strangeness occurs again, I will take it to the FBI--but I will check the event log first.

I thank you for writing, Eddie, and look forward to any further insight you can offer.

R.

Last edited by Ryszard; 07/10/15 10:33 AM. Reason: Add content
"My primary musical instrument is the personal computer."