How To Make Your Computer Catch People Stealing Your Porn

Here’s how we rigged our computer to make a video of itself and caught the Geek Squad stealing porn from it.

Disclaimer: These instructions are for intermediate to advanced computer users and we will not provide any support nor be liable for anyone who turns their computer into a scorched pile of rancid silicon.

1) Load up a base Windows XP system, and fill it with sweet, sweet “honey”. As a baseline, our Poohbear system was a 1.2 GHz AMD Athlon with 256MB of RAM, about the minimum system requirements you’ll need.

2) Set up software that would allow us to review the actions that took place during repair.

3) Send it out into the field.

Two main pieces of software make up Poohbear’s guts:

• TightVNC (or any VNC program)

• Pyvnc2swf

TightVNC operates as the recorder, providing an interface to output the desktop of the PC. Pyvnc2swf captures the results of those images and archives them into a file for later retrieval. Pyvnc2swf provides several methods for archival. As Poohbear had minimal CPU/Memory, we opted for raw dumps to a VNC file. A beefier system could allow for straight dumps to a compressed SWF file.

TightVNC setup

[Image: tightvncsetup.jpg]

After installing TightVNC, configure the helper application, including password and allowing for local loopback connections. Once you’ve used the helper application, disable it from start-up. You don’t want it to show up on the taskbar or it may give the recording away.

Pyvnc2swf

The real work comes from pyvnc2swf, which we will need to launch from a batch file. The batch file provides an easy way to randomize the output files and it can be spawned from a helper service. The helper service, srvany.exe, is a program that allows regular Windows applications to be deployed as a service in Windows. Once your batch file is defined, you can follow these instructions to set up the file to launch at start-up time. As part of the process of defining a service, you’ll want to make sure that the name you give it sounds kinda Microsoftian, like “Windows Image Capture Service.” In our video, when the technician looks through the service names, he passes right over it.

Here is a copy of what our pyvnc2swf launching batch file looked like:

[Image: pyvncswf.jpg]

(Note: The second line is wrapped)

As referenced in the batch file, you’ll need to set up a file of your choosing so that pyvnc2swf knows what password to log into VNC with. The file we chose, password.txt, contains nothing but the password on its own line. The %RANDOM% parameter guarantees that pyvnc2swf won’t accidentally overwrite its own files when it is booting up a second or third time. Feel free to substitute your own variable, like %TIME%.
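An added example, not the article's batch file: %RANDOM% expands to a number from 0 to 32767, and %TIME% normally contains colons, which are not legal in a Windows file name. The Python code below (function names and the capture- prefix are hypothetical) estimates how often %RANDOM% repeats across boots and shows how a launcher could reserve an output name that can never overwrite an earlier recording.

```python
import os
import tempfile
from datetime import datetime

RANDOM_VALUES = 32768  # cmd.exe's %RANDOM% expands to 0..32767

def collision_probability(boots):
    """Chance that at least two of `boots` %RANDOM% draws are equal."""
    p_unique = 1.0
    for i in range(boots):
        p_unique *= (RANDOM_VALUES - i) / RANDOM_VALUES
    return 1.0 - p_unique

def reserve_capture_file(directory, now=None, ext=".vnc"):
    """Create and return a new, empty capture file that did not exist before.

    The name is a timestamp without the ':' that %TIME% contains; O_EXCL
    makes creation fail rather than overwrite an existing file, and a
    counter suffix handles two starts within the same second.
    """
    now = now or datetime.now()
    stem = now.strftime("capture-%Y%m%d-%H%M%S")
    for n in range(1000):
        name = stem + (f"-{n}" if n else "") + ext
        path = os.path.join(directory, name)
        try:
            fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)
        except FileExistsError:
            continue  # name already taken: try the next suffix
        os.close(fd)
        return path
    raise RuntimeError("could not reserve a unique capture file name")

def demo():
    """Reserve two files for the same (constructed) boot time."""
    when = datetime(2007, 7, 1, 9, 30, 0)  # constructed sample timestamp
    with tempfile.TemporaryDirectory() as d:
        first = reserve_capture_file(d, when)
        second = reserve_capture_file(d, when)
        return os.path.basename(first), os.path.basename(second)
```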

After everything has been set up, verify that your custom service is set to “Automatic”. If the instructions have been followed correctly, then every subsequent reboot of your PC should immediately start recording the contents of the desktop to a directory you’ve defined on the system. You can later retrieve these files and use the pyvnc2swf “edit” utility to convert that file to your specific needs.
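One way to carry out that check, as an added example rather than anything from the original article: save the output of `sc qc` for your service and parse it. The sample output and the service name in it are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `sc qc <service>` output; the service name and
# path are placeholders, not values from the article.
SAMPLE_SC_QC = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleCaptureSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Tools\srvany.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Example Capture Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""

FIELD = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")

def parse_sc_qc(text):
    """Return the KEY : value fields of one `sc qc` report as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def check_service(text):
    """List the problems that would stop the recorder starting at boot."""
    f = parse_sc_qc(text)
    if not f:
        return ["no service configuration found (sc qc failed?)"]
    problems = []
    start = f.get("START_TYPE", "")
    if "AUTO_START" not in start:
        problems.append(f"start type is {start or 'missing'}, expected AUTO_START")
    binary = f.get("BINARY_PATH_NAME", "").strip('"').lower()
    if not binary.endswith("srvany.exe"):
        problems.append("binary path does not point at srvany.exe")
    return problems
```

The constructed sample is deliberately left on manual start, so `check_service(SAMPLE_SC_QC)` reports one problem; an empty list means the service will start at boot through srvany.exe.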

PREVIOUSLY: VIDEO: Consumerist Catches Geek Squad Stealing Porn From Customer’s Computer

Comments


  1. dbeahn says:

    I is in ur comptors stealing ur pornses!

  2. Can you post links to where we can get this software from?

  3. 3ZKL says:

    where to get teh pr0nz?! LULZZ!!!1!1!!

  4. B says:

    @3ZKL:
    1: Get a job at Geek Squad (or other computer repair firm)
    2: Steal porn from client computers
    3: ?
    4: Profit!

  5. swalve says:

    For the uninitiated: VNC and its variants are remote control programs used for supporting remote computers and accessing your own PCs from work/home.

  6. Xerloq says:

    How does this work if, say, I boot the compy using WinPE (or some variant) and then grab the files that way?

  7. Kimli says:

    @B:
    Snerk!

  8. Nighthawk Foo says:

    @Xerloq: That would be one way to access the hard drive contents without being recorded. You could also boot a Linux live CD as well.

  9. CapitalC says:

    @They Call Me Dan: Google broken for you?

    TightVNC
    pyvnc2swf

  10. if you don’t want your porn stolen, don’t send it out with porn on it!!

  11. 2600 says:

    If I was looking at someone’s box I would be doing all my fixing in Safe Mode. If you wanted to really mess with someone, DRM all your pr0n vids, or if you are using XP Pro, encrypt your pics.

  12. geek.tech.nerd says:

    Though I am sure there are incidents of such things happening, I was once a computer technician for Geeksquad and there are a few things I want to point out about this video.

    1. If a person wanted to steal porn off of a customer’s computer, the software you saw in the first snapshot would be capable of doing it no problem, merely by loading in safe mode, which will terminate non-system-critical services and programs (the programs you loaded to “watch” the agent).

    2. If a tech were to take off services on a computer, s(he) would be able to differentiate between “system” services and “user” services very easily. Not to mention he would not do it unless he were being paid (a $20 – $30 service), for a good reason (as a tech at Geeksquad I do not honestly remember having time to do “other” things). When you are working on 5 – 10 computers on your own as well as checking in/talking with new customers, things are very busy until you leave (or go to lunch).

    3. The programs in the “Flash Drive” are “names” of a couple of Geeksquad programs. The difference, though, is that the “MRI” and “Customizer” are not batch files; for one, they are full-fledged CDs in size, not the 1KB size of each of them in the picture, as well as the “McAffee removal”, which is also not a batch file nor 1KB in size.

    4. The files/programs for Geeksquad have to follow SOP (Standard Operating Procedures), which means the programs and files on each flash drive are to be identical from one precinct to the next. NONE of the files depicted in the image of the flash drive are SOP. As well, the high-res image of the “flash drive” has the drive letter and name censored, so it could be a picture of a different drive or your hard drive; there is no real proof.

    5. Yes, Geeksquad has a special forum for higher-level agents, to which the normal tech in your local Best Buy Geeksquad store has no access. In these forums there is merely a bunch of Geeksquad techs who exchange info on how to fix problems on computers and when the new software updates are going to be for the Geeksquad software. It is not a place to upload porn and is very tightly regulated; not everyone who is Geeksquad has access.

    I am not saying that Geeksquad is perfect; if anything they are very overpriced and I am sure there have been some bad apples. I just want to call into question the validity of this video/experiment. There is not enough “proof”; too much of this video is in the control of the person videotaping, who is obviously not unbiased.

  13. kc-guy says:

    I’m a PC guy, and a friend of mine has worked his way up from tech to District Manager. In his (and my) experience, the most common reason for computers to be sent to Geek Squad (or any other repair service) is spyware.

    The technician’s failure to check the running processes for spyware (with good or evil intentions) was just…sloppy. No wonder it didn’t occur to him to use a Linux or WinPE disk. So much for his claim as a 133t h4x0r.

  14. @kc-guy: That’s absolutely right. The first thing ANY good tech does when he gets a box in is disable any and every running service that isn’t required for Windows to function. Sure, he’ll turn some of them back on later, but if I was going through the service list and saw something shady like that it’d be disabled for good. I’ve said this before, I’ll say it again…

    The problems with Geek Squad boil down to the fact that you can’t keep good techs if you don’t pay shit. A good tech doesn’t ever complain about not having the tools he needs to do his job because he owns them all. A good tech doesn’t need service manuals (at least in the PC and laptop world). A good tech tells his pansy corporate asslicking boss to leave him alone and let him turn out a quality product. Said good tech gets fired and goes into corporate support where he can a) make money and b) not have to put up with bullshit. Maybe if GS wanted to pay a decent wage they’d have good employees and then we wouldn’t be reading about what the dumb high school kids did.

  15. Trai_Dep says:

    …And across this vast nation, older brothers breathe a quiet sigh of relief while their younger brothers feel – for inexplicable reasons – a foreboding sense of You’re SO b-u-s-t-e-d looming across their horizons.

  16. clavicle says:

    Good to know, but what software did you use to generate the CSV with all the attempted accesses to files?

  17. Hebi-kai says:

    What’s the wddm file listed in the batch file? Is the Pyvnc2swf renamed? That’s the only thing that doesn’t make sense to me.

  18. Hebi-kai says:

    Doesn’t work 100% as prescribed. I’ll have to try it later when I’m not at work, but it’s a little dodgy.

  19. war59312 says:

    Um I would have seen this in the first few mins. of working on said PC. I would then return the PC unfixed and refund you. Since I would know at this point it was a scam. This is what I would really do.

    Yes I always disable all non Windows applications and services first. Then I check to see what each one is and does. I would have seen this service because I always check out full details on it. I then would have checked to see what files/registry etc. it is accessing on said PC. So I then would have found all the log files and your video.

    If I was having a bad day I might just reformat your PC at this point saying it was infected with a deadly virus. I would never do that… ;)

    That or make a fake video and some fake logs for you. Turn the scam around on you! Then I could download all the pron I want and you would have no clue. Heck might even install my own real keylogger via my own custom rootkit (blue pill type). lol Damn that would be mean!!! ;)

  20. What I would do is just include a free porn DVD with every trip to the Creep Squad and ask them not to lift the porn from my PC.

    That being said, I’ve never needed any Creep Squad services, nor do I have any porn on my computer that I’m aware of.

    Just thinking preemptively.

  21. RebekahSue says:

    I was looking for this article for Small Claims Court. In October 2007, I brought my computer to PCW Computer in Orange, CT to have a USB port repaired. I ran my complete, weekly cleanup, followed your instructions, and ran a virus scan before bringing in the computer.

    When my computer was returned, the tech not only hadn’t repaired the ports* but had swept the computer. Your software was gone. Hell, so was MY AVG. The tech “doesn’t like AVG” and replaced it with Panda. He “found a Virus” which, I think, was actually the TightVNC.

    The tech who came to my house found that the system files had been randomly deleted, too. Why was a tech at my house, you ask? When I got my computer back, I couldn’t get online at all, although my other computers connected with no problem. Furthermore, half my program files were gone (for example, Firefox, Photoshop, Foxit Reader, Google Earth…) and, as I looked in horror, most of the others disappeared as well.

    The company ignored three pleas to look at the computer under its warranty. I finally, with the home tech’s help, reinstalled Windows entirely.

    Connecticut’s Small Claims courts are jammed. My case will be heard on Monday.

    *The ports weren’t fixed. When I was able to get back online, I spent a few hours researching. Wish I’d done that to start: I only needed to update the drivers.

  22. Stephen Kawamoto says:

    Somehow, I am so not going to be taking my computer in for repairs anywhere, because I decided to give up on Windows around 2006 for Linux, and haven’t looked back.

    If something goes wrong, then I can just reformat and reinstall Ubuntu Linux.

    Also, if I were doing repairs on someone’s Windows, I’d DL a new version of the Helix ISO and go spelunking. Heck, Ubuntu Linux 8.04 can now look at a Windows partition.

  23. stands2reason says:

    Interesting. I would have preferred a VNC program that automatically connects to my domain name so that I could have a live feed.

    Also, full video of the screen capture + built-in webcam on laptop + built-in microphone would have been epic WIN.