A story of my day and of Just how bad some business are run

[+Warwagon MVC]

Let me tell you about my day and about how some business really have no clue.

I get a call from a business I will not name other than that they sell vehicles. They said their main finance computer was down. The computer they use to finalize sales (Only one they have that does this job, nothing fancy XP machine with special applications). They needed me over their right away because without it they couldn’t sell any vehicles.

It was an XP machine that on boot would bluescreen with a Stop 0x0000008E win32k.sys.

After 2 hours of trying a crap load of stuff (Spinrite scan for bad sectors (40 mins), chkdsk, replacing win32k.sys, a different video card, different ram) I was still no further than when I arrive. I’ve booted off bartpe a few times, but this particular time I saw in the system32 directory when arranged by date a bunch of random files as of recent. Cxycydyd.exe or dkjlioewe.dll stuff like that. Not knowing what exactly they were other than most likely malware related I didn’t want to delete them just renamed them with the word “Old” after them.

Upon rebooting again windows booted right up. But I noticed on this work computer Itunes and Yahoo Messenger and other non essential applications where installed.

That’s not the worst part of the story.

Because they were infected I asked what kind of information gets entered into this computer.

She said, well I do enter “Social Security” numbers in this computer all day. It is required when someone buys a vehicle.

First I was speechless.

Then I thought “A work computer that gets confidential information like social security numbers and god knows what else entered onto it all day long, has things like ITunes and yahoo messenger. Not to mention is able to be surfed in such a way the security of the machine is compromised by malware.

I informed the person that managed their systems that she should not be allowed to install this kind of stuff on a machine.

I would also think it would be a good idea to have a 2nd BACKUP computer to fall back on when this computer goes down. While the computer is down no money can be made.

On a computer that important, all websites should be locked down other than the 2 websites required to successfully complete her job.

Likewise all applications should be locked down other than the 2 required to successfully complete her job.

Edited August 28, 2008 by warwagon

[ATGC]

Call the company out so people can avoid it.

I feel bad for their customers, they should be notified of this immediately. I'm assuming you actually found malware, viruses, etc.

[+Warwagon MVC]

Call the company out so people can avoid it.

I feel bad for their customers, they should be notified of this immediately. I'm assuming you actually found malware, viruses, etc.

Well she said before her computer decided not to boot she was getting a lot of pop ups. On the first boot after I renamed those files I got a box that popped up on startup saying can't find DKLFHDJD.dll (some random file)

[ATGC]

I'm pretty sure something like this has to be reported to the FBI or Police. Those sensitive information should be searched to see if anyone is illegally using someones social security number and other info.

edit: I guess these are the correct steps to take.

However, a person using your card or number can get other personal information about you and apply for credit in your name. So if you suspect someone is using your number, you should take these steps to protect yourself and your financial health:

* Educate yourself about identity theft;

* File a complaint with the Federal Trade Commission;

* Check your Social Security records (call toll-free 1-800-772-1213; TTY 1-800-325-0778) to ensure your income is calculated correctly; and

* Monitor your credit reports.

http://ssa-custhelp.ssa.gov/cgi-bin/ssa.cf...php?p_faqid=329

Anyways, thats one messed up company. (N)

[+John Teacake MVC]

I doubt iTunes is the problem here lol. Besides if it is installed on a works PC there IS a liscence fee you have to pay. I found this out at work a few weeks back when we had a software company do liscence audit. I was asked to remove it.

[PermaSt0ne]

I doubt iTunes is the problem here lol. Besides if it is installed on a works PC there IS a liscence fee you have to pay. I found this out at work a few weeks back when we had a software company do liscence audit. I was asked to remove it.

uhhh that's not the point

a WORK computer, where people enter their SOCIAL SECURITY NUMBERS is being used by the employee's for personal stuff. it's not acceptable to put people's lives on the line because you want to chat with your buddies on yahoo messenger or because you want to browse your myspace page

[+Nik Louch Subscriber²]

Disgusting that they did this.

Then again, disgusting that it's not locked down.