Some of you may remember my first porn debacle.... well, it's happened again.
So, right after I walked in this morning, the admin asst from the dining hall called in. She said that she thought the night worker got on the computer that night, and now the program they use to track students wouldn't open.
I pretty much rolled my eyes and waited for my manager to come in. When she did, I explained what was up, and she decided that she'd go with me, and we'd figure out what to do when we knew exactly what was up.
So, we get over there, and the AA tells us they had to turn off the computer, because it kept popping up porno.com. I start it up, and.., yep, it's infected.
So, we take the computer with us, and manager tells me that she'll have a student worker work on it, so I don't have to, which is a yay. So, we get back, and after awhile, a student comes in, and they get started on the computer. Malwarebytes came back clean. While SUPER was running, the AA of the dining hall called back, asking if we could get any proof from the history of the computer to prove that the guy was getting on the computer.
So I spent about 2 hours pulling each website and taking a screen cap of the sites visited and the time last visited. First, we had him dead to rights. He logged into both his facebook account and his email. Secondly, there was the normal run of porn. And...... finally, the site that had the largest amount of visted pages???
CROSSDRESSER.COM
I did learn far more about this guy than I wanted.
Thankfully, during my investigation, I found a reference to the files that were infecting the computer. I was able to remove the files in question, and the computer was then fine. I brought the computer back to the dining hall, set up the computer and discussed my findings with the AA.
I will be locking down the computer BIG time tomorrow.
Wish me luck!
So, right after I walked in this morning, the admin asst from the dining hall called in. She said that she thought the night worker got on the computer that night, and now the program they use to track students wouldn't open.
I pretty much rolled my eyes and waited for my manager to come in. When she did, I explained what was up, and she decided that she'd go with me, and we'd figure out what to do when we knew exactly what was up.
So, we get over there, and the AA tells us they had to turn off the computer, because it kept popping up porno.com. I start it up, and.., yep, it's infected.
So, we take the computer with us, and manager tells me that she'll have a student worker work on it, so I don't have to, which is a yay. So, we get back, and after awhile, a student comes in, and they get started on the computer. Malwarebytes came back clean. While SUPER was running, the AA of the dining hall called back, asking if we could get any proof from the history of the computer to prove that the guy was getting on the computer.
So I spent about 2 hours pulling each website and taking a screen cap of the sites visited and the time last visited. First, we had him dead to rights. He logged into both his facebook account and his email. Secondly, there was the normal run of porn. And...... finally, the site that had the largest amount of visted pages???
CROSSDRESSER.COM
I did learn far more about this guy than I wanted.
Thankfully, during my investigation, I found a reference to the files that were infecting the computer. I was able to remove the files in question, and the computer was then fine. I brought the computer back to the dining hall, set up the computer and discussed my findings with the AA.
I will be locking down the computer BIG time tomorrow.
Wish me luck!
Comment