Company computer privacy

Sweet_lumberjack

Commendable
Jan 29, 2017
4
0
1,510
0
Hello world!

I work in a digital marketing company and there has been some modifications since a few weeks. Long story short I now work from home and I got a computer from my company. This is really nice but now here's my concern:

I'd like to use it for a more personal use but my boss is a computer engineer and I'm afraid that there might be spy software or rootkits which would allow him to enter/see what I do and have on this computer, or even a keystroke logger.

Do you know how I could use to detect/get rid of them?

- I have the administrator privileges and password
- The computer is running windows 10
- I have uninstalled Teamviewer
- Malwarebytes Anti Malware did'nt find anything
- I have scanned my system with Malwarebytes and have put all the suspected malicious items in the quarantine. Here below's the report.


-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 11
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}w64, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{13D15E3A-76E7-4D02-A755-7B668FB103B2}, No Action By User, [117], [337429],1.0.1129
PUP.Optional.Dsrlte, HKU\S-1-5-21-3115390640-629360802-624484214-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951E15AA-4E3D-4E2C-820C-B9F3C62E682B}, No Action By User, [16861], [237958],1.0.1129
PUP.Optional.KeepMySearch, HKU\S-1-5-21-3115390640-629360802-624484214-1001_Classes\keepmysearch, No Action By User, [16994], [239725],1.0.1129
PUP.Optional.YahooSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Search, No Action By User, [17566], [245143],1.0.1129
PUP.Optional.YahooSearch, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Search Updater, No Action By User, [17566], [245143],1.0.1129
PUP.Optional.InstallCore, HKU\S-1-5-21-3115390640-629360802-624484214-1001\SOFTWARE\InstallCore, No Action By User, [8], [239563],1.0.1129

Registry Value: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{13D15E3A-76E7-4D02-A755-7B668FB103B2}|PATH, No Action By User, [117], [337429],1.0.1129
PUP.Optional.Dsrlte, HKU\S-1-5-21-3115390640-629360802-624484214-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951E15AA-4E3D-4E2C-820C-B9F3C62E682B}|FAVICONURL, No Action By User, [16861], [237958],1.0.1129
PUP.Optional.Dsrlte, HKU\S-1-5-21-3115390640-629360802-624484214-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{951E15AA-4E3D-4E2C-820C-B9F3C62E682B}|URL, No Action By User, [16861], [237958],1.0.1129

Registry Data: 1
PUP.Optional.Dsrlte, HKU\S-1-5-21-3115390640-629360802-624484214-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [16861], [293067],1.0.1129

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.PayByAds, C:\Users\KREM SOFT\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2, No Action By User, [4053], [178834],1.0.1129
PUP.Optional.PayByAds, C:\Users\KREM SOFT\AppData\Local\Pay-By-Ads\Yahoo! Search, No Action By User, [4053], [178834],1.0.1129
PUP.Optional.PayByAds, C:\USERS\KREM SOFT\APPDATA\LOCAL\Pay-By-Ads, No Action By User, [4053], [178834],1.0.1129

File: 8
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\DRIVERS\{3BCF4F2C-0BBB-4D4C-BF1F-11BBE6D501EA}GW64.SYS, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\DRIVERS\{915CB94B-B4D8-4C0E-83B4-61409471B1C3}GW64.SYS, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\DRIVERS\{16A92140-918D-4AFB-9EDB-46F22437BB10}GW64.SYS, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\DRIVERS\{641E52B1-3179-43ED-8BCB-F688871E52B0}GW64.SYS, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.BrowseFox, C:\WINDOWS\SYSTEM32\DRIVERS\{3BCF4F2C-0BBB-4D4C-BF1F-11BBE6D501EA}W64.SYS, No Action By User, [2076], [299543],1.0.1129
PUP.Optional.PayByAds, C:\Users\KREM SOFT\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\app.ini, No Action By User, [4053], [178834],1.0.1129
PUP.Optional.YahooSearch, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Search, No Action By User, [17566], [245141],1.0.1129
PUP.Optional.YahooSearch, C:\WINDOWS\SYSTEM32\TASKS\Yahoo! Search Updater, No Action By User, [17566], [245141],1.0.1129

Physical Sector: 0
(No malicious items detected)


(end)


So, what would be the steps to follow in order to ensure there are not such programs/rootkits/whatever that could've been installed? This isn't a big company with highly modified computer, so I believe we can do something about it.

A box of chocolate for whoever help me with that :)

Thaaaaaank you!

Sweet_lumberjack

 

JohnBonhamsGhost

Estimable
Jan 14, 2016
50
0
4,610
15
do not. if you're job isn't worth keeping, then go ahead and mess with it. but i doubt Tom's wants the responsibility of having caused you to do so.

your best bet would be to setup a separate OS for personal use, whether it be an internal virtual workstation on the existing drive or a separate drive with a personal install.
 
JBG gave good advice. If you want to keep your job, why risk it? Leave the system alone. If you truly want to pursue this, boot from a Live DVD/CD/USB drive with some flavor of Linux. When you are done doing whatever you do, nothing is left behind.
 

InvalidError

Distinguished
Moderator
May 18, 2007
295
0
19,260
86
As said above, if you want to keep your job, don't mess with the PC for any non-work-related reasons. If there is monitoring software on the PC, then the company will likely ask questions if that software fails to phone home because you messed with it.

If you follow COLGeek's suggestion, you may want to unplug the SSD/HDD to make sure the liveCD or whatever you end up booting the PC with cannot modify or access the company's drive.
 

Sweet_lumberjack

Commendable
Jan 29, 2017
4
0
1,510
0
I really understand what you're all saying, but I'm a little concerned about the fact that my employer might see my passwords and some other sensitive information. Let's say that I do not really trust him and that I'm a little worried.

Now, let's say that I do not want to mess with the computer but just know to want to know whether my computer is monitored or not: what could I possibly do?

Thanks for your prompt answers btw
 
Ask your employer? Seriously, there are any number of scanning options to verify the safety of your system.

If you have trust issues with your employer, you have an issue we can't help you with. If you are doing unauthorized things with the company computer, you need to decide what is more important.

If you are still unsure, just google these terms: (online malware scanner)

https://www.google.com/search?q=online+malware+scanner&ie=utf-8&oe=utf-8


 

Sweet_lumberjack

Commendable
Jan 29, 2017
4
0
1,510
0
I'm not asking anybody to help me with the trust I put in my boss or anything which isn't related to software, and that's my own decision to try detecting what may harm me. You know, I don't really mind loosing my job or so, I just want to know if I'm being monitored.

Also, it is not about doing unauthorized things with the computer since nothing has been forbidden on that particular point.

I have done some analysis with some malware scanners but now my question is: is it possible that the computer has been set up in a way that those malwares are actually not detectable a all?
 

rgd1101

Polypheme
Moderator


simple answer, yes
 

InvalidError

Distinguished
Moderator
May 18, 2007
295
0
19,260
86

Simply don't use the computer for personal stuff if you are worried about your employer snooping on personal stuff. Work-wise, most of your work-related data will ultimately go through one of the company's servers where the IT department can usually access it even without your password.

If an employer lent me a PC and I used it for personal stuff, I'd run an OS from a different boot drive to keep work and personal physically separate. Wouldn't want to lose a job or get sued because a website I visited or software I installed for non-work-related reasons ended up leaking company-confidential data from the company drive or network.
 

The answer is YES, your company could have monitoring tools in place that will not be detected by most scans. For example, my work system (on it now, in fact) has some very complex monitoring tools that will go undetected by all but the most detailed (and intrusive) of scans.

Good luck.
 
Thread starter Similar threads Forum Replies Date
Casey Case Antivirus / Security / Privacy 3
H Antivirus / Security / Privacy 10
R Antivirus / Security / Privacy 3
S Antivirus / Security / Privacy 14
R Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 2
K Antivirus / Security / Privacy 2
K Antivirus / Security / Privacy 1
K Antivirus / Security / Privacy 8
G Antivirus / Security / Privacy 3
T Antivirus / Security / Privacy 2
eman2002826 Antivirus / Security / Privacy 5
R Antivirus / Security / Privacy 2
S Antivirus / Security / Privacy 4
M Antivirus / Security / Privacy 1
H Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 2
C Antivirus / Security / Privacy 5
E Antivirus / Security / Privacy 1
Jill Scharr Antivirus / Security / Privacy 2

ASK THE COMMUNITY