News: 1769153414

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Tech support detective solved PC crime by looking in the carpark

(2026/01/23)


On Call Some tech support jobs are sweet, and others go sour. Whatever taste they leave in your mouth, The Register celebrates them all each week in On Call – the reader-contributed column that shares your support experiences.

This week, meet a reader we'll Regomize as "Parker" who told us he once had a mostly delicious job in a candy factory.

"A floor manager responsible for production asked me to fix his PC, which was so slow he could literally make a coffee in the time between double-clicking an icon and having the program open," Parker told On Call. The manager's PC was only a year old and ran Windows XP, a combo that at the time of this tale should have made for decent performance.

[1]

A quick investigation found many malicious programs installed on the PC, plus an unauthorized local account called "offtime." Parker considered the manager a friend, knew he was a straight shooter, and could not imagine he had anything to do with this mess.

[2]

[3]

Log files confirmed Parker's theory: Whoever installed the malicious software did it between 8pm and 4am, well outside the manager's 9am to 5pm routine.

"My first suspicion was a remote hack, but the firewall logs showed nothing connecting to that machine other than HTTP/HTTPS traffic," Parker told On Call. With the manager's permission, he therefore removed the unauthorized programs and installed a monitoring tool that took a screenshot of the PC's display every five minutes. Critically, Parker left the "offtime" account in place.

[4]

The next morning, Parker found a stack of screenshots, plenty of them using the "offtime" account to visit a dating site. Some of the screenshots included the username "RedVette" on the dating site.

"That pointed to a specific mechanic on the midnight shift who owned a red Corvette," Parker told On Call.

Parker told us his investigation found that RedVette had spent around four hours using the manager's computer before logging off. A little later, someone else signed on to "offtime" account and spent a couple of hours browsing sites dedicated to guns and hunting. Parker knew those were passions of another mechanic who worked the night shift.

[5]Engineer used welding shop air hose to 'clean' PCs – hilarity did not ensue

[6]Help desk read irrelevant script, so techies found and fixed their own problem

[7]User found two reasons – both of them wrong – to dispute tech support's diagnosis

[8]User insisted their screen was blank, until admitting it wasn't

Parker showed this evidence to the manager, whose face reddened with anger because several maintenance tasks were well behind schedule and it looked like RedVette and his mate were the reason why.

"He asked me to kill the 'offtime' account, which I did, and locked down all office PCs to prevent creation of local accounts," Parker told On Call.

[9]

But he didn't stick around to hear the end of the story.

"I was not involved in the conversation between the manager and the night shift mechanics when they came in that evening," he said. "But I suspect it was short, loud, and one-sided."

The sour post-script to this story is that Parker's actions meant all of the candy factory's mechanics started giving him the cold shoulder, and kept up their petulance until he left the company a few years later.

Have you busted colleagues doing the wrong thing? Tell us how that worked out by [10]clicking here to send email to On Call. We never rat out our contributors – your name and workplace are never mentioned in On Call! ®

Get our [11]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aXNU0dVzn-LdNQvyUi-HNQAAAwg&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aXNU0dVzn-LdNQvyUi-HNQAAAwg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aXNU0dVzn-LdNQvyUi-HNQAAAwg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aXNU0dVzn-LdNQvyUi-HNQAAAwg&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2026/01/16/on_call/

[6] https://www.theregister.com/2026/01/09/on_call/

[7] https://www.theregister.com/2025/12/19/on_call/

[8] https://www.theregister.com/2025/12/12/on_call/

[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aXNU0dVzn-LdNQvyUi-HNQAAAwg&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[10] mailto:oncall@theregister.com

[11] https://whitepapers.theregister.com/


Yorick Hunt

Oh, the memories...

Back at the turn of the millennium, I'd just installed a smooth new firewall with integrated transparent proxy, on our slick new 128Kbps ISDN connection. When the MD asked to see it in operation, I didn't hesitate to open the console for him to view.

Just at that moment, a flurry of proxy activity came up, showing someone accessing a hell of a lot of pages on a popular porn site of the time (I can't remember which, but I do know it was well before the advent of xHamster).

It turned out to be the warehouse manager - but just like the protagonist in this story, I made sure I was well away from the firing line when the MD went for a "chat."

#I guess I should've closed my eyes#

Pickle Rick

"Parker", you're not alone! I know for sure that I'm not the only one here that's encountered these situations in tech support.

When a friend asks to "fix their slow PC", depending on the friend, before I touch the machine I say "The porn you view will be revealed, do you want me to continue?" because often that was (is?) a malware vector. There's often a freeze, as in the fight or flight reaction, the face is still, you can see the cogs spinning in their silence! I've never been asked to not go ahead - some of my friends might have niche kinks, but they ain't crims, good news indeed!

Little Red Corvette? I didn't look at the pictures of the previous jockeys!

<3 Prince RIP -->

Email was tainted too around the turn of the century

Anonymous Coward

The team lead for Exchange support was looking through flagged email for filter false positives when he could be heard to exclaim the single word...

...Shemales?!??!

Re: Email was tainted too around the turn of the century

breakfast

I like to imagine they pronounced it like "tamales."

Doctor Syntax

It sounds as if the manager might have been too much of a straight shooter if he let the mechanics know he'd found out from Parker.

"....the candy factory's mechanics started giving him the cold shoulder...."

blu3b3rry

Their own fault for thinking no-one will notice misuse of a work PC, I guess. I've never wrapped my head around those who use them for any personal stuff.

If I do need to do some personal bits at work, say on my lunch break, I bring in my own laptop in. Either using my phone as a bluetooth hotspot or the visitor WiFi (we're allowed to use it) although naturally am very judicious about what websites I'd visit!

Workplace had someone sacked a few years back for browsing all sorts of "niche" images and videos on their work laptop while WFH. The content was described as "effectively illegal" which led to a lot of speculation....!

Re: "....the candy factory's mechanics started giving him the cold shoulder...."

GlenP

those who use them for any personal stuff

It wasn't that unusual when not everyone had PCs at home and before smartphones and tablets became common. I've generally adopted a fairly light touch, in lunchtimes was OK but keep it sensible. I also warned them about saving any personal information or credentials as their manager or IT would have access.

Not everyone was sensible, we had one user who was most disgruntled when, during a minor office rearrangement, he found himself on the corner desk right next to the walkway - it stopped him playing solitaire* and trading on eBay in work hours.

*That's how long ago it was.

Anonymous John

"and locked down all office PCs to prevent creation of local accounts," Parker told On Call."

Standard practice from day 1 in my experience.

FrogsAndChips

Today certainly, in the era of Windows XP, not so much.

25 years ago, there was very little in terms of web filtering, USB ports blocking, locking down of Windows accounts, even at the large institutions (think FTSE100) I've worked with...

The only really decent thing to do behind a person's back is pat it.