
Full Version: Trace
G8keeper
A good friend just had her PC stolen from her home a week ago... for the past three nights it has her identity logged on in MSN Messenger. Is there any way to track the thief down?
chrispen
Get the IP, tracert it and see the ISP. Then make a phone call and report the problem.
agamemnon
Plenty of ways! - Just ask if you want a detailed description.
The general formula is, as explained above:

::Find out the IP address of the fool that's using your IM. (The forum'll tell you how)
::Trace it. Don't use tracert, download 'Visual Route' and then trace the address... It'll look much cooler for your girlfriend :)
::Look at the results it turns out.
::Run a few 'whois' requests on the last IPs to find out what companies they are... - Hopefully ISPs.
::Give them a ring, and tell them about your problem... And also, alert the police and give them everything you've found.

Fun-Fun!
ComSec
also scan the IP for open ports... see if you can bind a shell... then disable various services using pserv2 or similar program!!

here's a link... once you're connected... it takes you to the admin services on a remote box... then you can disable whatever like... anything that's running including firewalls

also if poss upload a keylogger for info gathering helps convict the thief ;)

http://p-nand-q.com/download/pserv_cpl/pserv_cpl.html

hope you catch the guy
agamemnon
EDIT: Oh bugger! You did say it was MSN! Never mind, the post should still read ok.

Hi again...

Well a lot depends on the IM the thief is using.
If it's MSN, I'm afraid you're not only going to have to talk to him, make friends with him, but also send him a file; start a mic / webcam 'conversation'.

Now, if this is the case. A better way would be to talk to him (pretend to be a 19 year old girl - preferably foreign) and get him to send you an email. Providing that he does this through SMTP and not hotmail or any other such thing, you can trace the email by analysing the 'headers' (I'll do that for you if you can post them).

With IMs like ICQ, life is a little easier, and all we have to do is exchange a few words.

Here's the general pattern for discovering IPs of IMs:

(Normal conversation)
Your IM --> MSN --> Thief's IM
(Obviously, in this case we cannot get the thief's IP, only MSN's)

(Webcam / Microphone / File Transfer)
Your IM --> Thief's IM
(Great, a direct connection! - it's called a "point-to-point")

Now... To get the IP of someone you have a point-to-point connection with is easy. Fire up a DOS prompt (CMD.exe) and type in NETSTAT. This will then list all the computers - and their IPs - that are directly connected to yours.

To find out which of these in the list is the attacker might be a little trickier. Obviously, if there is only one, then that's him. However if there are several, you are going to need to look at the "ports".

After each IP address will be a ":" and then a number... So if you were looking at a website, say Google, it'd say: www.google.com:80. - There'd also be the IP of google alongside it.

What you need to find out therefore, is what port yours and the thief's IM uses. Then once you know it, you can be sure that the IP with the correct port for your IM after it is the thief. Presuming of course you are only talking/transferring/looking at him.

If you need more help, just ask, it'd be a pleasure.
If you're really stuck, you'll have to tell me the name of your IM.

Hey... actually, I've got an idea (yes, I am writing this off the cuff!).
If you posted the thief's 'nickname' and the brand of IM he is using, I'm sure someone here would find out his IP (and probably even trace him) for you.

Good luck!
agamemnon
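
Added example, not part of any post in this thread: a Python sketch of the NETSTAT step described above, run on your own machine, so the peer address and time can be written down for the ISP and the police. It compares two `netstat -n` snapshots (before and during the direct connection) and optionally filters by IM port; the snapshot text, addresses, port numbers and the `im_ports` parameter are constructed assumptions.

```python
import ipaddress

# Constructed `netstat -n` samples (documentation-range addresses, made-up ports).
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1042      198.51.100.7:1863      ESTABLISHED
  TCP    192.168.1.10:1050      203.0.113.20:80        ESTABLISHED
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
"""
DURING = BEFORE + """\
  TCP    192.168.1.10:6891      192.0.2.55:3120        ESTABLISHED
  TCP    192.168.1.10:1061      203.0.113.20:80        TIME_WAIT
"""


def parse_netstat(text):
    """Return {(local_port, remote_ip, remote_port)} for ESTABLISHED TCP rows."""
    rows = set()
    for line in text.splitlines():
        parts = line.split()
        # Skip headers, UDP rows and anything not fully established.
        if len(parts) != 4 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        local_port = int(parts[1].rsplit(":", 1)[1])
        host, remote_port = parts[2].rsplit(":", 1)
        # IPv6 is printed as [addr%zone]:port; drop brackets and zone id.
        ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if ip.is_loopback:
            continue  # local inter-process traffic, never the remote peer
        rows.add((local_port, str(ip), int(remote_port)))
    return rows


def new_peers(before, during, im_ports=None):
    """Connections that appear only in the second snapshot.

    im_ports (optional) keeps only rows where either side uses one of the
    ports the IM client is known to use, as the post describes.
    """
    added = parse_netstat(during) - parse_netstat(before)
    if im_ports is not None:
        added = {r for r in added if r[0] in im_ports or r[2] in im_ports}
    return sorted(added)


if __name__ == "__main__":
    for lport, ip, rport in new_peers(BEFORE, DURING):
        print(f"new peer {ip}:{rport} (local port {lport})")
```

Comparing snapshots covers the case in the post where several connections are listed and the IM's port is not known in advance.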
daguilar01
You don't need to make friends with no one, use this
http://forums.governmentsecurity.org/index...?showtopic=1580
Send him an IM saying hey check this out
then use the program, it will try and send the file, then just cancel or whatever, log back into MSN, and say something like oops, wrong contact, sorry to bother you, now you have the IP and the thief shouldn't be suspicious or anything, lol
Ollie
lol if sum1 nicked one of my pcs id be the one who wud end up in prison lol.

If the dumbass thief does give away the ip by starting a file transfer u might as well take the n00bs approach and send him a f00kin trojan lol, bt if hes not a total dumbass then do that tracing shit :) and hey? wots wrong with good ol' tracert??? lol