[OPLINTECH] Potential Computer Vandalism

Wed Nov 20 12:19:49 EST 2013

Wow, that’s a hard lesson and it’s been interesting reading everyone’s response. We do password protect ours (even staff just in case ☺) but don’t remember ever seeing a setting to password protect the HD through the BIOS. Will have to look again. What models are you using?
Ruchie
Information Technology Coordinator
Fairfield County District Library
219 N. Broad St.
Lancaster, OH 43130
Phone: 653 2745 ext. 201
https://helpdesk.clcohio.org/

Scripts are scripts, the command window is the command window, and ne’er the twain shall meet..

From: oplintech-bounces at lists.oplin.org [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Mike Hensel
Sent: Wednesday, November 20, 2013 12:16 PM
To: 'Chad Morris'; oplintech at lists.oplin.org
Subject: Re: [OPLINTECH] Potential Computer Vandalism

Dell’s solution is to send me new HDs.  Good news they are still under warranty – bad news is we are down for the next two days as we wait to get the HDs and get them reloaded.
Lesson learned – password protect your bios.
Mike Hensel
Director, MLIS
London Public Library
20 E. First Street
London, OH 43140
www.mylondonlibrary.org
740-852-9543
Mobile 614-325-1429

From: oplintech-bounces at lists.oplin.org [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Chad Morris
Sent: Wednesday, November 20, 2013 11:22 AM
To: oplintech at lists.oplin.org
Subject: Re: [OPLINTECH] Potential Computer Vandalism

Try this: http://www.wikihow.com/Break-a-BIOS-Password and http://bios-pw.org/ and http://www.pwcrack.com/bios.shtml

Chad Morris
Technology Coordinator
Franklin-Springboro Public Library
44 E. Fourth Street
Franklin, OH 45005
Office:  (937) 746-2665 ext 116
Fax:     (937) 746-2847
Email:  morrisch at oplin.org<https://mail.oplin.org/webmail/src/compose.php?send_to=morrisch%40oplin.org>
www.fspl.org

From: oplintech-bounces at lists.oplin.org<mailto:oplintech-bounces at lists.oplin.org> [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Mann, James H.
Sent: Wednesday, November 20, 2013 11:18 AM
To: Mike Hensel; 'Stephen Cram'; oplintech at lists.oplin.org<mailto:oplintech at lists.oplin.org>
Subject: Re: [OPLINTECH] Potential Computer Vandalism

Mike
Just for grins is “secure boot” enabled in the bios?
And, have you considered trying “crack” from a bootable drive?

Jim Mann
Technology Coordinator
Greene County Public Library
76 E. Market St
Xenia OH 45385
937 352 4000 x1210
Discover. Learn. Grow.<http://www.greenelibrary.info/>
jmann at gcpl.lib.oh.us<mailto:jmann at gcpl.lib.oh.us>
[cid:image001.jpg at 01CC67C9.EA681980]<http://www.facebook.com/greenelibrary.info>[cid:image002.jpg at 01CC67C9.EA681980]<http://twitter.com/#!/greenelibrary>[cid:image003.jpg at 01CC67C9.EA681980]<http://www.youtube.com/greenelibrary>[cid:image004.jpg at 01CC67C9.EA681980]<http://www.flickr.com/photos/greene-library>

From: oplintech-bounces at lists.oplin.org<mailto:oplintech-bounces at lists.oplin.org> [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Mike Hensel
Sent: Wednesday, November 20, 2013 11:11 AM
To: 'Stephen Cram'; oplintech at lists.oplin.org<mailto:oplintech at lists.oplin.org>
Subject: Re: [OPLINTECH] Potential Computer Vandalism

Stephen:
I cleared the Bios and tried reinstalling a new OS.  Basically the computer read the HD as having no access so that failed as Chad stated.  I need Dell to give me a backdoor password or the hard drives are unless.

Mike Hensel
Director, MLIS
London Public Library
20 E. First Street
London, OH 43140
www.mylondonlibrary.org
740-852-9543
Mobile 614-325-1429

From: oplintech-bounces at lists.oplin.org<mailto:oplintech-bounces at lists.oplin.org> [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Stephen Cram
Sent: Wednesday, November 20, 2013 10:51 AM
To: Oplin Tech list
Subject: Re: [OPLINTECH] Potential Computer Vandalism

All other issues aside, I believe you can salvage the hard drives by attaching to another PC and formatting them and then  re-installing it in the old PC and reloading Windows and beginning again.

And if you identify the culprit, I can send you some toothpicks to shove under their fingernails if you'd like.  I recently found gum shoved into an SD card reader so I'm saving some of my toothpicks for use here.

Stephen Cram
Facilities Coordinator
North Baltimore Public Library

I have been known to accomplish the impossible at times.
However, accomplishing the impossible only means the boss will add it to your regular duties.

-------Original Message-------

From: Mike Hensel<mailto:henselmi at oplin.org>
Date: 11/20/2013 9:21:21 AM
To: oplintech at lists.oplin.org<mailto:oplintech at lists.oplin.org>
Subject: [OPLINTECH] Potential Computer Vandalism

OPLINTech Libraries:

I’ve got a situation where one of my patron computers last week booted up with a Security Manager Screen that basically needed a password to boot from the hard drive.  We run DeepFreeze on all of the computers.  I eventually had to get another hard drive sent from Dell.  Last night 5 more computers displayed the same message.  We lock the computers down with policies as well.  I have not seen any virus alerts pop up in Symantec.  We run Symantec Endpoint.  I don’t believe we had the bios locked down so the only thing I can think of is someone logged into the bios and setup an password on access to the HD which is leaving our machines dead.

Has anyone run across this scenario and is there any easy fixes besides getting a new hard drive and rebuilding the machine.   I’m trying to determine if it was a local hack (patron at each machine) or virus.

Any help would be appreciated.

Mike Hensel
Director, MLIS
London Public Library
20 E. First Street
London, OH 43140
www.mylondonlibrary.org
740-852-9543
Mobile 614-325-1429

FREE Animations for your email - by IncrediMail <http://www.incredimail.com/?id=621131&did=10501&ppd=2812,201301281447,9,1,748381821347692543&rui=153799619&app_test_id=0&sd=20131120>

Click Here! <http://www.incredimail.com/?id=621131&did=10501&ppd=2812,201301281447,9,1,748381821347692543&rui=153799619&app_test_id=0&sd=20131120>

► <http://www.incredimail.com/?id=620777&did=10501&ppd=2741,201201221253,9,1,748381821347692543&rui=153799619&app_test_id=0&sd=20131120>

[cid:image005.gif at 01CEE5E5.EF5E01B0]<http://www.incredimail.com/?id=621131&did=10501&ppd=2812,201301281447,9,1,748381821347692543&rui=153799619&app_test_id=0&sd=20131120>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 1074 bytes
Desc: image001.jpg
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0005.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 1027 bytes
Desc: image002.jpg
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0006.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 1157 bytes
Desc: image003.jpg
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0007.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 1067 bytes
Desc: image004.jpg
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0008.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.gif
Type: image/gif
Size: 34603 bytes
Desc: image005.gif
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.jpg
Type: image/jpeg
Size: 332 bytes
Desc: image006.jpg
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/73d0268f/attachment-0009.jpg>