Hi I am a newbie and desperately looking for help!

My DH has been sacked for accessing inappropriate websites at work and is appealing the decision.  We have asked for their evidence and have been sent pages and pages of surf control infor showing websites his computer has visited.  He has not accessed these sites (literally thousands in the space of a couple of days).  All the times are when he has been at work and most seem to be when he was at his desk (obviously he can't recall to the precise minute when he was there).  He is not techy at all but thinks his computer goes into hibernation when he is not using it (he gets a screensaver, then the screen goes blank a short while later) so it seems that whatever is accessing this info is only doing it when the computer is active.

We are just desperately trying to understand what might have happened.  I am guessing he has a local virus, but no idea what the virus might be, why it hasn't spread to other computers or how it could have got there.  He is aware of having received some spam email (he has a published work email address) and some of it has been INNOCENT looking and looked like other work email.  He has occasionally therefore clicked on a link (so in addition to being sacked for attempting to access such sites he has also been sacked for putting the company's systems at risk).  Whatever is doing this is doing it without his knowledge.  He does have IE open all the time at work but has not been aware of this activity at all.

And yes, before you ask, I do believe that he has not been surfing porn at work.

So please help!  He loved that job and we are desperate to come up with an EXPLANATION for what has happened that might persuade them to take him back.

Thanks in advanceHi tvgirl, please read this first before requesting malware removal: Click here.Hi there,

Thanks for your reply.  Unfortunately we are not looking for malware removal as he has already been sacked and no longer have access to the computer.  We are trying to understand how this has happened and what virus etc could be responsible so that he can try to explain to them at his appeal that he is not at fault and persuade them to GIVE him his job back!

CheersWe understand your problem.But we can't simply help you without any information regarding running processes in your computer.So, please follow the prework and  post the required logs in  your next reply. It will  help us to solve your problem more efficiently .Sorry!  Unfortunately we don't have access to the computer so there is no way I can get any more info.  I'm just looking for possible explanations really - and I know I'm grasping at straws a bit..

ThanksYour coworker is pretty much euchred........A good lawyer who deals with wrongful dismissal suits will be your best source of information on this topic....they deal with this all the time and will give you a qualified answer as to what your coworkers chances of reinstatement  are.....
It's my husband - and I think you might be right 

Does anyone know of whether a virus would do this, though?  Are there any well known types that do this wort of thing?  I'm afraid I don't really know the difference between a worm or a trojan or a virus, so I am using the word 'virus' to mean anything malicious.  If there is something that can do this, how would it have got onto his computer?  And why wouldn't it have spread to other computers?

Sorry for all the questions...

ThanksIf this is the case, "literally thousands in the space of a couple of days" of websites appeared in surf control then there is a good chance something is amiss with the security on the network..... this is where a lawyer will question the network administrators housekeeping practices and whether the security upkeep has been followed, logs are sometimes kept depending on policy....It all depends on how far you wish to take the suit, how much service your husband has with the company, have they been on his *censored* for another reason and is this a convenient manner to dismiss him?.....lotta questions to be answered.Do you have or can you request a copy of the firewall logs that indicates where your husband has allegedly surfed on their network?

There are several possibilities, but take with a grain of salt until you (or an attorney) can gather more evidence:

1) Your hubby's logon password was something stupidly easy to guess and/or he put on a sticky note with his password around his desk.  Someone gets password, logs into his PC or user account, surfs pr0nz, and profits.  IT departments' logs may go solely by user name basis, RATHER than computer.

2) Same as #1, but add that someone could have logged into his PC remotely.  Windows Remote Desktop locks the host computer while the guest accesses it, and the host's monitor can be in a screen saver or off.

3) Malware can certainly cause deh pronz to appear in firewall logs. Quote from: tvgirl on August 28, 2009, 07:24:24 AM

Does anyone know of whether a virus would do this, though?

Are there any well known types that do this wort of thing?  I'm afraid I don't really know the difference between a worm or a trojan or a virus, so I am using the word 'virus' to mean anything malicious.

If there is something that can do this, how would it have got onto his computer?