I first need to set this small story up. This building that I am talking about has several floors, 8 or 9. This office that I am talking about has its own network. This building has its own IT team, 24 hrs, and has a cleaning staff...
Over the weekend I decided to do some work on my PC at that location from home via RDP. It's after hours, so the office is locked. I RDP into the computer and I get the popup that so-and-so is currently logged in to the computer, and if I log in they will be disconnected. I log in to my account and start setting up a program that I want to test, pcAnywhere. All of a sudden I get kicked off. I know immediately that something isn't right, so I try to connect back, and I get the popup that said that I was refused permission to log in. What the “@#$%&!”
I also have a LogMeIn account, so I went to LogMeIn, logged into my admin account (not the account that was running), went to user profiles and changed the password. Right after, I lost connection. They shut down the computer.
This morning, I had the staff turn the computer on and logged into the computer. It had 2 .txt files on the desktop and one in the documents folder. 2 of the text files were tons of e-mail addresses, and the other was a story about someone who had died and left 10 million dollars, a "call me and we can split it" type of deal, much more professionally written. I looked at the history and found they had visited sweetylife.com/smtper and dnsstuff, and AMS4.3, Advanced Mass Sender, was installed. I tracked down the domain where the return emails would be sent to; it was in Saudi Arabia.
Questions:
What should I do?
Does this sound like an inside job?
How did they get the password to the computer?
Could they have telnetted into the computer?
How did they shut the computer down? Can they do that through telnet?