Solved

How do i find who is connecting to my desktop remotely using 3rd party softwares?

Posted on 2008-06-19
14
282 Views
Last Modified: 2008-07-31
Hi,

I suspect that someone is connecting to my desktop remotely (kind of spy) without my knowledge and i would like to know who it is... May be the username or the IP address of the PC trying to connect my desktop.

0
Comment
Question by:gilbertinigo
  • 3
  • 3
  • 2
  • +3
14 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21821913
Hi!

If you are not infected with rootkit chechk active network connections with:
"netstat -an"

to check open network connections.

If you are have rootkit installed, you would have to monitor traffic on your firewall or on dedicated machine on the same network with sniffer. If you have rootkit installed, the best thing would be to re-format computer.

"Rootkit revealer"
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

HTH

Toni
0
 
LVL 4

Expert Comment

by:albuitra
ID: 21821942
If someone is spying the network, you can't find easily. Maybe he/she is using  a sniffer
But if he/she is connecting with VNC, terminal server, etc, you can use
netstat -n
and see who is connected to your pc
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 21821959
Search for any odd software on your machine - There needs to be something for the remote control software to connect to, usually an agent or something like that...

Nose about your PC a bit (look down in the system tray (bottom right corner) for icons you don't recognise, search through Add/Remove Programs in Control Panel etc. If you're not sure about the something, just post the name of it in here and someone will tell you what it is.

It's pretty darn hard to remote control someone's PC without a giveaway sign, as these pieces of software are not intended to be used as spying tools! That's where I'd start anyway...

It's also important to ask why you suspect this, as whether they're just looking at files, or actually remote controlling your desktop, use very different methods... :)

Pete
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:gilbertinigo
ID: 21822034
i suspect that someone is monitoring my screen activities remotely. Is there any way i can get a log of remote sessions to my PC for the last one week?
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21822063
I very honestly doubt, that someone who has unathorized access to your computer would leave log file behind.

0
 
LVL 23

Expert Comment

by:Danny Child
ID: 21822278
is this on a domain, or standalone?  Note, if this pc belongs to your employer, then their Security or IT Dept may be permitted to monitor your pc either overtly or covertly.  You should not attempt to stop this.

Are you responsible for IT Security ?  If not, you need to report this to your IT Dept.
0
 

Author Comment

by:gilbertinigo
ID: 21823315
This is on the domain. Yes i am responsible for IT security. WE have given delegated permission to our staffs for some admin related tasks. Could be one of them.
Also i got complains from some users that they suspect someone monitors their screen as well.

0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 21823562
Well let's not jump the gun too soon - What exactly is it that makes you think someone is watching? Positive its not just paranoia?
0
 

Expert Comment

by:aspen_prop
ID: 21823626
I would ask the question "Why", as PeteJThomas did.

Why do you suspect that someone is monitoring information, whether be it by a trojan sending screenshots/keystrokes, an active remote session watching what you're doing, or a network sniffer. That answer might give a better indication as to where you should look/fix. Could it simply be an employee stealing documents with a USB thumbdrive? The answer to "why" will help us help you! :)

If it is a rootkit/trojan, I would suggest disinfecting using an uncompromised 3rd party source.
If it is a remote session, as many have said, you will see an open connection with you run netstat -n.
If it is a sniffer, then perhaps run a network audit tool to see what programs are installed over your entire domain. There are some free/trial versions out there. May not be practical for a very large network, but under 100 users is managable to break down.

Check for strange programs that may have been installed
Check your security event log to see who's credentials have been logged on your machine.(or, denied access multiple times)
0
 

Author Comment

by:gilbertinigo
ID: 21824248
I already checked the security log and i did not find anything.
while working on the computer, i suddenly noticed that my mouse is moving out of my control, just like someone moves remotely. The same felt by users too.

0
 

Accepted Solution

by:
aspen_prop earned 63 total points
ID: 21824417
Wired or wireless mouse? Optical or rollerball? Kind of mousepad?

I may be barking up the wrong tree, but I know my wireless mouse scrolls all by itself if my cell phone is inbetween the IR sensor and my mouse when I receive a phonecall.

Also, does the mouse cursor actually do anything like access files? Erratic movement, or deliberate? If a security scan doesn't pick anything up, and there are no listening ports(maybe try working offline for a while to see if the problem is replicated), then it could be a software problem locally on your machine, or perhaps a physical problem.

0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 62 total points
ID: 21824445
Several of our mice at work do something similar... They're wired etc, but somehow occasionally they go haywire, and the pointer starts erratically jumping about... As soon you disconnect/reconnect it, it stabilises! Very strange but I'm 100% it's nothing sinister (in my case I mean), it's definitely just the mouse behaving badly... lol :)
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question