[Newbie] LimeWire + lying teenager with admin account = ?

My daughter's laptop runs Windows XP Home (which I don't use
myself, and don't know much about). I set it up with normal
user accounts for her and myself, and an account named "Admin"
with administrator privileges (if that's the right term).

I explained to her (and thought she understood) that the "Admin"
account was not to be used for everyday operations. (But I wonder
now why I ever trusted her with the password in the first place.)

We recently went onto broadband for the first time; and a couple
of days ago I found she had fallen asleep in front of the laptop
while logged in as "Admin", and running the file-sharing program
LimeWire (which I also know little about, but I presume must pose
some security risks).

I immediately changed the "Admin" password, and the next day I
asked her what she had been doing. She swore she would never use
the "Admin" account for anything except installing software (also
that all her friends used LimeWire without problems). Mollified
(too easily, as it turned out), I gave her the new password.

I have just found her asleep in front of her laptop again, logged
in simultaneously to her own account and to "Admin" - which was
again running LimeWire. The firewall (Kerio 2.1.5, an old version)
was showing several connection attempts from all over the Internet.
(I didn't attempt to note any details, I just created rules to deny
everything, which was probably overkill.) Of course I changed the
password again, and I will not give it to her again until she has
found some (no doubt devious!) way of convincing me that she knows
what she is doing, and is acting responsibly.

My question (I'm sorry about the long preamble) is: what actual
security risks are there, and what should I be doing about them?

In particular, what threats might there also be to other computers
on the LAN? (We're all connected via Ethernet to a Netgear router.)

Also, if she was logged into the administrator account in order to
share files which she found she couldn't share otherwise (I'm only
guessing that this might be her reason), is it easy to use this
account (once only) to create folders which she can share when she
is logged in as a normal user? (I vaguely remember having had some
difficulty trying to do this myself - as I said, I'm unfortunately
ignorant about Windows XP.)

Finally (!), when I changed the password this time, I was asked
whether I wanted to make the administrator account's files private.
Unsure of what to do, I replied "no". What was the right answer?

I hope that my questions aren't stupid ones, but I'm in a near-panic
about this (partly because my daughter has been regularly driving me
nuts, with one thing or another, for nearly the last year, creating
situations where it is hard for me to acquire technical information
in my normal careful manner ... don't ever mention mobile phones to
me! ...) :-)
--
Angus Rodgers
(twirlip@ eats spam; reply to angusrod@)
Contains mild peril

Angus Rodgers wrote:

Please see my comments inline (with some snippage).

My daughter's laptop runs Windows XP Home (which I don't use
myself, and don't know much about). I set it up with normal
user accounts for her and myself, and an account named "Admin"
with administrator privileges (if that's the right term).

I explained to her (and thought she understood) that the "Admin"
account was not to be used for everyday operations. (But I wonder
now why I ever trusted her with the password in the first place.)

First mistake.

We recently went onto broadband for the first time; and a couple
of days ago I found she had fallen asleep in front of the laptop
while logged in as "Admin", and running the file-sharing program
LimeWire (which I also know little about, but I presume must pose
some security risks).

Second mistake. Limewire is a peer-to-peer filesharing program normally
used to pirate music and programs. This is one of the prime ways a
computer gets infected. Not meaning to offend you, but your third
mistake here is in not taking the time to do a quick Google for
"Limewire" which would have told you this is not A Good Thing To Do.
I'll give you some links to excellent websites about family security and
staying safe on the Internet at the end of this post, but it will of
course be up to you to take the time to go there.

I immediately changed the "Admin" password, and the next day I
asked her what she had been doing. She swore she would never use
the "Admin" account for anything except installing software (also
that all her friends used LimeWire without problems). Mollified
(too easily, as it turned out), I gave her the new password.

Fourth mistake.

In particular, what threats might there also be to other computers
on the LAN? (We're all connected via Ethernet to a Netgear router.)

If your daughter - who is doing risky computer behavior and I'm sure
this isn't limited to just Limewire - picks up a network-aware worm (a
very good possibility), it will infect all the machines on your network
if they are sharing files. Then you will need to clean up all the
machines, maybe even have to wipe all of them and start over. Make sure
you have current backups of all your important data.

Finally (!), when I changed the password this time, I was asked
whether I wanted to make the administrator account's files private.
Unsure of what to do, I replied "no". What was the right answer?

It doesn't matter what you did re the private files because you left the
door wide open anyway.

A. Standard security information:

Any computer running any operating system can be accessed by someone
with 1) physical access; 2) time; 3) skill; 4) tools. There are a few
things you can do to make it a bit harder though:

1. Set a password in the BIOS that must be entered before booting the
operating system. Also set the Supervisor password in the BIOS so BIOS
Setup can't be entered without it.

2. From the BIOS, change the boot order to hard drive first.

3. Set strong passwords on all accounts, including the built-in
Administrator account.

4. If you leave your own account logged in, use the Windows Key + L to
lock the computer (and/or set the screensaver/power saving) when you
step away from the computer and require a password to resume.

5. Make other users Limited accounts in XP Home, regular user accounts
in XP Pro.

6. Set user permissions/restrictions:

a. If you have XP Pro, you can set user permissions/restrictions with
Group Policy (StartRungpedit.msc [enter]) but be careful. Using the
Policy Editor can be tricksy. Questions about Group Policy should be
posted in its newsgroup: microsoft.public.windows.group_policy.

b. If you have XP Home, you can use MVP Doug Knox's Security Console or
the MS Steady State. SteadyState also works in XP Pro if you'd rather
not use Group Policy.

http://www.dougknox.com
Steady State -
http://www.microsoft.com/windows/pro...s/default.mspx

Please understand that these are technical responses to what is
basically a non-technical problem and there are ways around all of these
precautions. This is a family/interpersonal issue that can't be solved
by technical means.

B. Links to help you understand about staying safe on the Internet:

Some links to information I've written:

http://www.elephantboycomputers.com/...Basic_Security
http://www.elephantboycomputers.com/...iruses_Malware
http://www.elephantboycomputers.com/...tml#Backing_Up

Some very useful links to understand how to stay safe and how to keep
your children safe on the Internet:

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://msmvps.com/blogs/harrywaldron.../05/82584.aspx


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Whose computer is it? Hers or yours? Did you buy it for her to *use*
but you still own it? Or did you buy it to give it to her so it is
her property? And who is paying for the Internet access?

If you still own the computer, you will have to wipe the drive and
reinstall the OS. Since she had admin account access, by now she
could have installed a keylogger and will find out whatever password
you enter for any account. Boot from the install CD, format the
partitions, put a STRONG password on the Administrator account, and
give her a restricted account. If she needs to later install software
on YOUR computer then she will have to wait until you get around to
doing it.

The router probably has a logging feature but you might have to turn
it on. Then you can see where everyone is connecting.

Supposedly you are the parent. Supposedly the computer is still your
property that you allow her to use. So whatever happened to taking
away the kids toys as punishment? Force her to go to the library and
wait in line with the numerous kids already using those computers on
hosts that are locked down to limit what she can do with them. If she
repeatedly kept using your car to run over the neighbors yards,
fences, and dogs, would you continue to let her use your car?

http://www.google.com/search?q=%2Bguide+%2Bparenting

On Sat, 19 Jan 2008 05:36:52 -0800, Malke
wrote:

Angus Rodgers wrote:

We recently went onto broadband for the first time; and a couple
of days ago I found she had fallen asleep in front of the laptop
while logged in as "Admin", and running the file-sharing program
LimeWire (which I also know little about, but I presume must pose
some security risks).

Second mistake. Limewire is a peer-to-peer filesharing program normally
used to pirate music and programs. This is one of the prime ways a
computer gets infected. Not meaning to offend you, but your third
mistake here is in not taking the time to do a quick Google for
"Limewire" which would have told you this is not A Good Thing To Do.

I know it isn't a good thing to do. I didn't do it, nor did I
know that she had done it, nor did she ever say she was going to
do it, or ask me if she could do it, or if I would do it for her.

(It's all a consequence of the one great mistake of giving her access
to the admin account ... twice! Imagine how hard I'm kicking myself.)

In particular, what threats might there also be to other computers
on the LAN? (We're all connected via Ethernet to a Netgear router.)

If your daughter - who is doing risky computer behavior and I'm sure
this isn't limited to just Limewire - picks up a network-aware worm (a
very good possibility), it will infect all the machines on your network
if they are sharing files.

If a rootkit is involved, there is presumably little chance even of
detecting the problem, let alone curing it; but short of that, what
is my best chance of doing something about a possible infection?

The antivirus program on her machine is /almost/ up to date (licence
for updates expired a couple of weeks ago). It's based on Kaspersky,
which I trust. I haven't done a very thorough check for spyware. (I
thought I had time - I didn't realise that even she would be as fool-
ish as this, so quickly.)

My PC runs Win98SE, and is set not to give access to any of its files
over the LAN. Another networked PC also runs Win98SE, and does allow
access to some of its folders.

Then you will need to clean up all the
machines, maybe even have to wipe all of them and start over. Make sure
you have current backups of all your important data.

Most of mine, little of hers (serves her right).

1. Set a password in the BIOS that must be entered before booting the
operating system. Also set the Supervisor password in the BIOS so BIOS
Setup can't be entered without it.

Would this mean that she couldn't switch on her laptop without
knowing the most secure password? That would probably be un-
workable. (But /if/ security really has been badly compromised,
I will of course have to be open to really drastic suggestions,
and she will have to live with the consequences, too.)

2. From the BIOS, change the boot order to hard drive first.

3. Set strong passwords on all accounts, including the built-in
Administrator account.

4. If you leave your own account logged in, use the Windows Key + L to
lock the computer (and/or set the screensaver/power saving) when you
step away from the computer and require a password to resume.

Not a problem: I don't touch the machine much, and I never leave
myself logged in. All passwords are strong (the weakest being
the one on her normal user account, and even that is 8 characters
long, and is not a single word or well-known phrase).

5. Make other users Limited accounts in XP Home, regular user accounts
in XP Pro.

6. Set user permissions/restrictions:

a. If you have XP Pro, you can set user permissions/restrictions with
Group Policy (StartRungpedit.msc [enter]) but be careful. Using the
Policy Editor can be tricksy. Questions about Group Policy should be
posted in its newsgroup: microsoft.public.windows.group_policy.

b. If you have XP Home, you can use MVP Doug Knox's Security Console or
the MS Steady State. SteadyState also works in XP Pro if you'd rather
not use Group Policy.

http://www.dougknox.com
Steady State -
http://www.microsoft.com/windows/pro...s/default.mspx

Please understand that these are technical responses to what is
basically a non-technical problem and there are ways around all of these
precautions. This is a family/interpersonal issue that can't be solved
by technical means.

I know, only too well - she has been steadily trying to drive me mad
by various technical and non-technical means for about ten months now!
(You name it, she's probably done it - and that's only the stuff I
/know/ about.)

B. Links to help you understand about staying safe on the Internet:

Some links to information I've written:

http://www.elephantboycomputers.com/...Basic_Security
http://www.elephantboycomputers.com/...iruses_Malware
http://www.elephantboycomputers.com/...tml#Backing_Up

Some very useful links to understand how to stay safe and how to keep
your children safe on the Internet:

http://www.getsafeonline.org/
https://www.mysecurecyberspace.com/
http://www.getnetwise.org/
http://msmvps.com/blogs/harrywaldron.../05/82584.aspx

OK, thanks for all this - it'll take a lot of digesting - but for
the moment, I think the most important question is how to check
thoroughly to see if we have been attacked, and if so how badly,
and what to do about it. (I hope, short of wiping the hard disks
of three networked PCs! - but I do keep regular backups of all my
data, in case the worst happens - I just haven't got a convenient
recent backup of all of it in one place.)

--
Angus Rodgers
(twirlip@ eats spam; reply to angusrod@)
Contains mild peril

On Sat, 19 Jan 2008 07:52:37 -0600, "VanguardLH"
wrote:

Whose computer is it? Hers or yours? Did you buy it for her to *use*
but you still own it? Or did you buy it to give it to her so it is
her property?

Probably the root of the problem is that I only paid part of the
cost, my ex-wife paid for most of it, and so I never felt I was
in charge of the machine. It was basically a present from her
mother, which she couldn't quite afford, so I chipped in with
part of the cost, which was all I could afford (in fact, more).

And who is paying for the Internet access?

No prizes for guessing the answer to that one! :-)

If you still own the computer, you will have to wipe the drive and
reinstall the OS.

My ex-wife supports any reasonable action I take for the purposes
of security, so there is no legal question about my right to take
appropriate action. (There will be Hell to pay, however, in other
ways. My daughter will make sure of that ...)

Since she had admin account access, by now she
could have installed a keylogger

Almost certainly not intentionally, as she is not technically
minded ... unless she has been coached by a more savvy teenage
crony, which is not impossible ... :-(

and will find out whatever password
you enter for any account.

It's a worrying possibility in theory, but I don't think it is
very likely in practice - as she seemed helpless when I changed
the admin account password the first time, and had to ask me to
log in for her.

Boot from the install CD, format the
partitions, put a STRONG password on the Administrator account, and
give her a restricted account. If she needs to later install software
on YOUR computer then she will have to wait until you get around to
doing it.

That's definitely the way it will have to be from now on (except,
I hope, for having to format everything, although of course I'll
do that if I'm convinced it's necessary).

The router probably has a logging feature but you might have to turn
it on. Then you can see where everyone is connecting.

I haven't explored the capacities of the router much, but I fear I'll
have to learn a lot about being vigilant and technically aware ... I
didn't even want to go onto broadband at this time, as I knew it was
more work than I was ready for, but my dial-up service came to an end.

Supposedly you are the parent. Supposedly the computer is still your
property that you allow her to use. So whatever happened to taking
away the kids toys as punishment?

She's already forfeited both birthday and Christmas presents because
of her behaviour, but (as this instance shows) her behaviour hasn't
obviously improved as a result! I've been extremely angry with her
for many weeks now, and I'm sure she feels punished enough already.

However, she hasn't learned to take seriously anything I say (e.g.
about security). This is the most important thing, not who's boss,
who can bully whom, and so on. It seems incredibly and maddeningly
stupid to me that she sees everything as some kind of opaque power
struggle, instead of trying to LEARN something that is for her own
good, but ... well, she's a teenager.

Force her to go to the library and
wait in line with the numerous kids already using those computers on
hosts that are locked down to limit what she can do with them. If she
repeatedly kept using your car to run over the neighbors yards,
fences, and dogs, would you continue to let her use your car?

http://www.google.com/search?q=%2Bguide+%2Bparenting

Er ... thanks! ... but there's no need to lay it on quite so thick!
I do already know that I have given her too much power, and that I'm
suffering the consequences. The admin account password symbolises
a lot, it seems.

--
Angus Rodgers
(twirlip@ eats spam; reply to angusrod@)
Contains mild peril

"Angus Rodgers" wrote in message
...
"VanguardLH" wrote:

Whose computer is it? Hers or yours? Did you buy it for her to
*use*
but you still own it? Or did you buy it to give it to her so it is
her property?

Probably the root of the problem is that I only paid part of the
cost, my ex-wife paid for most of it, and so I never felt I was
in charge of the machine. It was basically a present from her
mother, which she couldn't quite afford, so I chipped in with
part of the cost, which was all I could afford (in fact, more).

So if it was a gift, do you give gifts with strings attached? In my
family for as back as I can remember through several generations, any
gift once given can be used however the recipient wants. It's
their's, not yours anymore. So the kid is the owner and can be the
admin and do whatever they want regarding software setup; else, you
did not give a gift and instead are only leasing it to the kid or
letting them use your stuff.

And who is paying for the Internet access?

No prizes for guessing the answer to that one! :-)

So you get to control what content can come into your home. As
mentioned, you could look at the router's logs to see to where the kid
is connecting. I don't use Limeware. Maybe it uses a particular port
which means you could block any inbound or outbound connections on
that port number.

If you still own the computer, you will have to wipe the drive and
reinstall the OS.

My ex-wife supports any reasonable action I take for the purposes
of security, so there is no legal question about my right to take
appropriate action. (There will be Hell to pay, however, in other
ways. My daughter will make sure of that ...)

If you didn't gift the computer to your daughter and instead are only
letting her use your property, and if she continues to violate your
rules regarding your property, then either take away the computer or
wipe it and reinstall the OS everytime she disobeys.

Alternatively, stop letting her use the computer in her room. Put her
computer in the living room where everyone in the house gets to see
how she is using it. In her room, she'll feel secreted and will sneak
into whatever activity she wants. Even if you're not in the living
room, she knows that whatever she is doing is easily noticed by anyone
wandering through the house.

Since she had admin account access, by now she
could have installed a keylogger

Almost certainly not intentionally, as she is not technically
minded ... unless she has been coached by a more savvy teenage
crony, which is not impossible ... :-(

Since 6-years olds can install keyloggers and use them to find the
logins for their parents, your daughter could do it, too. That's why
you need to wipe the computer, install a fresh copy of the OS (if
anything to make an inconvenience to her as she has done to you), and
give her only a limited account and then come begging to you to
install any software after that. If she refuses to grow up then
continue to treat her like a baby.

The router probably has a logging feature but you might have to turn
it on. Then you can see where everyone is connecting.

I haven't explored the capacities of the router much, but I fear
I'll
have to learn a lot about being vigilant and technically aware ... I
didn't even want to go onto broadband at this time, as I knew it was
more work than I was ready for, but my dial-up service came to an
end.

You might want to do a Google search on censorware. If this kid is
underage then you might want to regulate what she sees.

She's already forfeited both birthday and Christmas presents because
of her behaviour, but (as this instance shows) her behaviour hasn't
obviously improved as a result! I've been extremely angry with her
for many weeks now, and I'm sure she feels punished enough already.

Take away the computer. Have her use the school or library computers.
Be careful of a sudden increase in visiting her friends' homes since
she might be connecting over there.

However, she hasn't learned to take seriously anything I say (e.g.
about security). This is the most important thing, not who's boss,
who can bully whom, and so on. It seems incredibly and maddeningly
stupid to me that she sees everything as some kind of opaque power
struggle, instead of trying to LEARN something that is for her own
good, but ... well, she's a teenager.

Don't argue. You never win arguments with children. Just do it.
Take away the computer. You might also check what Net capabilities
her cell phone has, or take that away, too.

[Warning: no technical content, can be skipped; sorry for the
off-topic but unavoidable digression.]

On Sat, 19 Jan 2008 15:44:13 -0600, "VanguardLH"
wrote:

"Angus Rodgers" wrote in message
.. .
"VanguardLH" wrote:

Whose computer is it? Hers or yours? Did you buy it for her to
*use*
but you still own it? Or did you buy it to give it to her so it is
her property?

Probably the root of the problem is that I only paid part of the
cost, my ex-wife paid for most of it, and so I never felt I was
in charge of the machine. It was basically a present from her
mother, which she couldn't quite afford, so I chipped in with
part of the cost, which was all I could afford (in fact, more).

So if it was a gift, do you give gifts with strings attached? In my
family for as back as I can remember through several generations, any
gift once given can be used however the recipient wants. It's
their's, not yours anymore. So the kid is the owner and can be the
admin and do whatever they want regarding software setup; else, you
did not give a gift and instead are only leasing it to the kid or
letting them use your stuff.

This could get highly philosophical (that's no bad thing, but I have
to prioritise!), but, briefly, I don't think that the reality of
human relationships is determined by the ultimate threat of force,
which is what legal concepts reduce to. Only in the situation of
ultimate familial breakdown would such concepts come to the fore.

Also, in purely moral terms (regardless of legal considerations),
although I could adopt this black-and-white either/or view which
you seem to be sketching, the implication would seem to be that,
having once allowed her complete control over the machine, I cannot
(i.e. should not) now take that back, and I can (i.e. should) only
retaliate by using the router to cut her off from Internet contact
altogether (in self-defence against the security threat which she
has allowed to affect both of us).

Of course, it might come to that, but it hasn't come to that yet;
and unless and until it does, I much prefer to try to resolve the
situation using communication and free agreement - backed up only
by the threat of /anger/ (which she does feel - my dislike of her
behaviour does hurt her), and not by the threat of force, not even
by the relatively mild level of force involved in my physically
depriving her of Net access.

Even more briefly: the issue of who legally (or morally) owns what
doesn't even come into it, unless things get even worse than they
now are. There is a kind of informal understanding that the computer
is "hers", but this is not absolute, if her behaviour is unreasonable.

I'm not saying that a little more clarity would go amiss, or that the
way I have allowed things to develop is wise (it clearly isn't!); and
this discussion with you is helping me to think it through and make a
sensible decision. I might have to come to take just such a black-
and-white, either/or position as you suggest (the clarity of such a
view is attractive), but if so, it will be one based on future events
and conversations, not what has happened in the past (which is what
led us into this very mess).

From a certain moral point of view, that may itself seem irresponsible;
but I think that true responsibility has more to do with living with the
consequences of one's past actions (however crazy), rather than doggedly
sticking to past decisions (which may themselves have been crazy).

Alternatively, stop letting her use the computer in her room. Put her
computer in the living room where everyone in the house gets to see
how she is using it. In her room, she'll feel secreted and will sneak
into whatever activity she wants. Even if you're not in the living
room, she knows that whatever she is doing is easily noticed by anyone
wandering through the house.

There is no living room. :-)

(This was intended as a one-bedroom flat, but when I got custody
of my daughter it effectively became two bedsitting rooms. I've
always been aware that it is a poor living arrangement precisely
because there is no shared space for relaxing in. I agree with
your analysis as a description of one of its many disadvantages.)

Since she had admin account access, by now she
could have installed a keylogger

Almost certainly not intentionally, as she is not technically
minded ... unless she has been coached by a more savvy teenage
crony, which is not impossible ... :-(

Since 6-years olds can install keyloggers and use them to find the
logins for their parents, your daughter could do it, too. That's why
you need to wipe the computer, install a fresh copy of the OS (if
anything to make an inconvenience to her as she has done to you), and
give her only a limited account and then come begging to you to
install any software after that. If she refuses to grow up then
continue to treat her like a baby.

Well, I can try to find out whether, being the kind of person she
actually is, she is likely to have done such a thing. I cannot go
on trusting her in the way I have been doing, obviously, but I can
go on trusting my own /judgement/ of her, rather than resorting to
drastic physical action in the absence of psychological knowledge.

I have already told her about the advice I have been given to wipe
all the hard disks and start again from scratch; and I said that I
will do exactly that, if I have to. But I much prefer to hold any
kind of threat in reserve, and see if she can be made to see sense,
one way or another, without me having to resort to unilateral action.

(Beyond what was to me the obviously necessary action of changing
the admin password - not ideal, possibly against your principles,
but pragmatically preferable to the alternatives I could think of.
It seemed to represent the least interference with her freedom in
the situation. Also I just had to do something, and quickly too!)

You might want to do a Google search on censorware. If this kid is
underage then you might want to regulate what she sees.

She's just turned 16. In most respects, she's mature beyond her
years, and shows good judgement. But in the last year this basic
character has been markedly altered, and if there is a single
theme (which I doubt!), it is her determination to invalidate
my judgement and learn nothing from it. She is far from naive,
not generally self-destructive, and not at all stupid. So I'm
not too worried about her use of the Internet in a general way.

(Of course, I will have to revise all my judgements in the light
of the fact that I have so seriously misjudged this situation.)

Take away the computer. Have her use the school or library computers.
Be careful of a sudden increase in visiting her friends' homes since
she might be connecting over there.

Again, this is a threat to be held in reserve. She knows how
angry I am, and that I am willing to take action to defend our
security (however belatedly!).

Don't argue. You never win arguments with children. Just do it.

Absolutely, I am in complete agreement with you over that.

I can and will /discuss/ it with her, but always with the
understanding that I am going to take action, and in the
last analysis what happens now is up to me, not her. She
can (and probably will) influence me, but the decision is
mine, not hers.

I just have to be careful not to be "influenced" by her into
doing something damned stupid (again)!

Take away the computer. You might also check what Net capabilities
her cell phone has, or take that away, too.

grimace Yes, that is another worry. (L-o-n-g story, in fact -
I've already embarrassed myself, and annoyed at least one other
poster, by stumbling into this kind of informal "family therapy"
on Usenet because of her demand for a mobile phone!) So much to
worry about ... and she knows it, and she just doesn't worry ...

--
Angus Rodgers
(twirlip@ eats spam; reply to angusrod@)
Contains mild peril

Angus Rodgers wrote:

If a rootkit is involved, there is presumably little chance even of
detecting the problem, let alone curing it; but short of that, what
is my best chance of doing something about a possible infection?

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/...moving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/siche...ning_tool.html
- download site

The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.

You can also check to see if there are targeted removal steps for your
malware he
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard disclaimer: I can't see and test your computer myself, so these
are just suggestions based on many years of being a professional
computer tech; suggestions based on what you've written. You should not
take my suggestions as a definitive diagnosis. If you can't do the work
yourself (and there is no shame in admitting this isn't your cup of
tea), take the machine to a professional computer repair shop (not your
local equivalent of BigComputerStore/GeekSquad). Please be aware that
not all local shops are skilled at removing malware and even if they
are, your computer may be so infested that Windows will need to be
clean-installed. If possible, have all your data backed up before you
take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

"Angus Rodgers" wrote in message
...
There is no living room. :-)
(This was intended as a one-bedroom flat, but when I got custody
of my daughter it effectively became two bedsitting rooms. I've
always been aware that it is a poor living arrangement precisely
because there is no shared space for relaxing in. I agree with
your analysis as a description of one of its many disadvantages.)

You mention that you found her asleep at the computer while
downloading files using Limewire. Presumably this meant she was up
late. Again, take a look in your router. It may have an option to
limit when a particular host can have Internet access. Instead of
trying to block her MAC during certain hours, block all MACs except
yours (that is because Windows lets you change the MAC so she could
get around that restriction but not many users know about changing
their MAC address). If she is supposed to be sleeping at 9AM then
configure the router so there is no Internet access from 9PM to, say,
7AM.

Well, I can try to find out whether, being the kind of person she
actually is, she is likely to have done such a thing. I cannot go
on trusting her in the way I have been doing, obviously, but I can
go on trusting my own /judgement/ of her, rather than resorting to
drastic physical action in the absence of psychological knowledge.

Considering her Internet behavior and lack of expertise in knowing how
to safely surf, wiping the drive and a fresh OS install isn't just to
prevent keylogging that she might've installed but any pests she has
picked up by that behavior.

I have already told her about the advice I have been given to wipe
all the hard disks and start again from scratch; and I said that I
will do exactly that, if I have to.

If you go that route, do the fresh install, install the applications
that she gets to use, do all the updates, and then save an image of
the partition(s). Then when you have to restore her computer, you
just restore back to the baseline image rather than have to go through
all the installs again.

You might want to do a Google search on censorware. If this kid is
underage then you might want to regulate what she sees.

She's just turned 16.

Geez, I thought we were talking about some 5-year old child trying to
test their boundaries. At 16, if she is still acting like a baby then
forget the kid gloves in handling her disobedience. Take away the
computer. She is way too old to be feigning stupidity. Autism isn't
involved here, right?

Angus Rodgers wrote:
[Warning: no technical content, can be skipped; sorry for the
off-topic but unavoidable digression.]

Well, a lot on parenting, children and computer use.

Angus, what I've done with my children is install CyberSitter. It
monitors their actions in a covert enough manner that they never seem to
pin-point why they just can't do certain things. It might be worth
considering.

Dennis

"Angus Rodgers" wrote in message
...
My daughter's laptop runs Windows XP Home (which I don't use
myself, and don't know much about). I set it up with normal
user accounts for her and myself, and an account named "Admin"
with administrator privileges (if that's the right term).

I explained to her (and thought she understood) that the "Admin"
account was not to be used for everyday operations. (But I wonder
now why I ever trusted her with the password in the first place.)

We recently went onto broadband for the first time; and a couple
of days ago I found she had fallen asleep in front of the laptop
while logged in as "Admin", and running the file-sharing program
LimeWire (which I also know little about, but I presume must pose
some security risks).
....(snip)
The Limewire app probably runs only in accounts that have Admin privileges.
I believe it is written in Java. She probably discovered this when she tried
to run Limewire and therefore took the easy way out (technically) . She is
clearly determined to run Limewire one way or another. Maybe another way you
could put it to her is to tell her not to run peer-to-peer applications at
all, including BitTorrent. If you are afraid of such apps on your network I
don't blame you but after all it is your home network, even though you state
that it is "her" computer.

--
Allan

or BEST case.
try parenting classes, instead of asking the world to help you control your child.








"Allan" wrote in message ...

"Angus Rodgers" wrote in message
...
My daughter's laptop runs Windows XP Home (which I don't use
myself, and don't know much about). I set it up with normal
user accounts for her and myself, and an account named "Admin"
with administrator privileges (if that's the right term).

I explained to her (and thought she understood) that the "Admin"
account was not to be used for everyday operations. (But I wonder
now why I ever trusted her with the password in the first place.)

We recently went onto broadband for the first time; and a couple
of days ago I found she had fallen asleep in front of the laptop
while logged in as "Admin", and running the file-sharing program
LimeWire (which I also know little about, but I presume must pose
some security risks).
...(snip)
The Limewire app probably runs only in accounts that have Admin privileges.
I believe it is written in Java. She probably discovered this when she tried
to run Limewire and therefore took the easy way out (technically) . She is
clearly determined to run Limewire one way or another. Maybe another way you
could put it to her is to tell her not to run peer-to-peer applications at
all, including BitTorrent. If you are afraid of such apps on your network I
don't blame you but after all it is your home network, even though you state
that it is "her" computer.

--
Allan