Is it normal for IE history to log system activity/contents?


  1. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #11

    In-Private browsing is very similar to deleting everything on exit with the same setting as I posted
    You can also go into the Advanced settings and check the box or confirm it's checked to delete on exit too.

    In issues like this it might be best to reset the modem and/or router to its defaults and change the access password too.


  2. Posts : 30
    Windows 7 x64
    Thread Starter
       #12

    ThrashZone said:
    In-Private browsing is very similar to deleting everything on exit with the same setting as I posted
    You can also go into the Advanced settings and check the box or confirm it's checked to delete on exit too.
    Thank you ThrashZone, I'd figured it was somewhat similar.


    ThrashZone said:
    In issues like this it might be best to reset the modem and/or router to its defaults and change the access password too.
    I'm afraid those have already been done, time and again, without resolving the issue. At one point I saw that IE had visited the wireless security URL of the router, but when I attempted to log in myself to check for changes I discovered that the router's password had also been changed. Unlike the similar hack of the BIOS however, the router issue was of course easily fixed with a reset. The BIOS hack, with even Dell tech unable to reset the password, will require a new motherboard ... once this is all cleaned up.


    I suspect I've done clean installs of both 7 and 8.1 more than half a dozen times over the past couple of months, but each time everything reoccurs again from the start.



    Thanks again for your help! :)


  3. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #13

    Just curious you haven't selected a region or state flag yet on your profile :/
    I'm wondering what neighborhood to stay away from
    Seems a pretty clever fellow is nearby possibly?


  4. Posts : 30
    Windows 7 x64
    Thread Starter
       #14

    ThrashZone said:
    Just curious you haven't selected a region or state flag yet on your profile :/
    Ha! Done (Minnesota).


    ThrashZone said:
    I'm wondering what neighborhood to stay away from
    Seems a pretty clever fellow is nearby possibly?
    Ah, if only it were as innocent as that.
    In the words of one IT security specialist with whom I spoke, I appear to have in my system a "top-shelf hacker".

    Most curious, especially as I've not experienced any of the more common hacking symptoms, financial/identity theft and so on. The only one of my online accounts which shows clear evidence of unauthorized access is my email, and nothing significant seems to have resulted.



  5. Posts : 143
    Windows 7 Home Premium 64 bit
       #15

    Let's see them hack in if you're using the Linux Mint 17 Live CD! :)

    Was this computer ever used in any remote tech support issues? (LogmeIn, Teamviewer, AMMY, etc)

    1. New router, allow only one wireless user (limited to your MAC address), or disable wireless altogether (until you get this sorted out)
    2. Possible you have some sort of rootkit
    - do a search for aswMBR
    - and Kaspersky's TDSS killer

    3. Or, next time reformatting, hook your drive up to external Linux machine to examine all partitions


  6. Posts : 30
    Windows 7 x64
    Thread Starter
       #16

    mdd1963 said:
    Let's see them hack in if you're using the Linux Mint 17 Live CD! :)
    Thank you for the reply mdd1963!

    Apologies for not responding sooner ... just after I received the notice of your post my internet connection was lost again; by the time it was restored I had forgotten about the notification until I noticed it again in my inbox this afternoon.


    That's definitely worth a shot, thank you for the suggestion.

    One of the issues which I've experienced however has been that, even in instances where I've first unplugged my hard drives and disconnected both router and modem, when I've run a Live CD of Ubuntu (or even MiniXP) indications of intrusion were evident on the system by the time the desktop had loaded. I would immediately experience abnormal system behavior (such as an inability to obtain root privileges), and I also discovered numerous entries in the various setup/system event logs written by Ubuntu, a seeming avalanche of critical or fatal error messages toward the end of the setup process.

    One more type of event which would seem possible only in the context of a BIOS exploit scenario.



    mdd1963 said:
    Was this computer ever used in any remote tech support issues? (LogmeIn, Teamviewer, AMMY, etc)
    The laptop was purchased several years ago on eBay so I can't vouch for its history (I recall that the seller claimed to be a student, finding the laptop to be too heavy to carry between classes), but I've not seen any hints of this sort of behavior during most of my ownership. In any case it's been through a good number of drive replacements and clean reinstalls since its purchase -- primarily since my becoming aware of the security breach, but some of this before that point as well.



    mdd1963 said:
    1. New router, allow only one wireless user (limited to your MAC address), or disable wireless altogether (until you get this sorted out)
    Unfortunately all of these have been tried without resolving the intrusion issues. I had set up the router just as you suggest, including allowing only one device and disabling wireless. However in the case of the current router, a Linksys E2500, I happened to notice in the IE history (again, I never use IE) that the URLs of one of the browser-based router settings console panels had been visited, specifically the page on which wireless is disabled. Upon attempting to log in to the console myself to look for unauthorized changes I discovered that the access password had been changed and I was locked out. I reset and reinstalled the router, which was merely followed by a repeat of the above events.



    mdd1963 said:
    2. Possible you have some sort of rootkit
    - do a search for aswMBR
    - and Kaspersky's TDSS killer
    Again, both have been tried with nothing being detected, these along with other rootkit scans such as Sophos.



    mdd1963 said:
    3. Or, next time reformatting, hook your drive up to external Linux machine to examine all partitions
    Each time I've performed a clean install (7 times in about the past two months) it's been done on a brand new SSD. A return of the intrusion has been evident in each case soon after, in some cases by the time I first get to the fresh desktop and examine the event logs. The installations have been off of OEM CDs obtained by myself directly from Dell.


    I don't mean in the least to be dismissive of your intelligent suggestions, I very much appreciate the assistance! Thanks again for your reply.

    :)


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
