How do i find who is connecting to my desktop remotely using 3rd party softwares?

Posted on 2008-06-19
Last Modified: 2008-07-31

I suspect that someone is connecting to my desktop remotely (kind of spy) without my knowledge and i would like to know who it is... May be the username or the IP address of the PC trying to connect my desktop.

Question by:gilbertinigo
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21821913

If you are not infected with rootkit chechk active network connections with:
"netstat -an"

to check open network connections.

If you are have rootkit installed, you would have to monitor traffic on your firewall or on dedicated machine on the same network with sniffer. If you have rootkit installed, the best thing would be to re-format computer.

"Rootkit revealer"



Expert Comment

ID: 21821942
If someone is spying the network, you can't find easily. Maybe he/she is using  a sniffer
But if he/she is connecting with VNC, terminal server, etc, you can use
netstat -n
and see who is connected to your pc
LVL 19

Expert Comment

ID: 21821959
Search for any odd software on your machine - There needs to be something for the remote control software to connect to, usually an agent or something like that...

Nose about your PC a bit (look down in the system tray (bottom right corner) for icons you don't recognise, search through Add/Remove Programs in Control Panel etc. If you're not sure about the something, just post the name of it in here and someone will tell you what it is.

It's pretty darn hard to remote control someone's PC without a giveaway sign, as these pieces of software are not intended to be used as spying tools! That's where I'd start anyway...

It's also important to ask why you suspect this, as whether they're just looking at files, or actually remote controlling your desktop, use very different methods... :)

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.


Author Comment

ID: 21822034
i suspect that someone is monitoring my screen activities remotely. Is there any way i can get a log of remote sessions to my PC for the last one week?
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21822063
I very honestly doubt, that someone who has unathorized access to your computer would leave log file behind.

LVL 23

Expert Comment

by:Danny Child
ID: 21822278
is this on a domain, or standalone?  Note, if this pc belongs to your employer, then their Security or IT Dept may be permitted to monitor your pc either overtly or covertly.  You should not attempt to stop this.

Are you responsible for IT Security ?  If not, you need to report this to your IT Dept.

Author Comment

ID: 21823315
This is on the domain. Yes i am responsible for IT security. WE have given delegated permission to our staffs for some admin related tasks. Could be one of them.
Also i got complains from some users that they suspect someone monitors their screen as well.

LVL 19

Expert Comment

ID: 21823562
Well let's not jump the gun too soon - What exactly is it that makes you think someone is watching? Positive its not just paranoia?

Expert Comment

ID: 21823626
I would ask the question "Why", as PeteJThomas did.

Why do you suspect that someone is monitoring information, whether be it by a trojan sending screenshots/keystrokes, an active remote session watching what you're doing, or a network sniffer. That answer might give a better indication as to where you should look/fix. Could it simply be an employee stealing documents with a USB thumbdrive? The answer to "why" will help us help you! :)

If it is a rootkit/trojan, I would suggest disinfecting using an uncompromised 3rd party source.
If it is a remote session, as many have said, you will see an open connection with you run netstat -n.
If it is a sniffer, then perhaps run a network audit tool to see what programs are installed over your entire domain. There are some free/trial versions out there. May not be practical for a very large network, but under 100 users is managable to break down.

Check for strange programs that may have been installed
Check your security event log to see who's credentials have been logged on your machine.(or, denied access multiple times)

Author Comment

ID: 21824248
I already checked the security log and i did not find anything.
while working on the computer, i suddenly noticed that my mouse is moving out of my control, just like someone moves remotely. The same felt by users too.


Accepted Solution

aspen_prop earned 63 total points
ID: 21824417
Wired or wireless mouse? Optical or rollerball? Kind of mousepad?

I may be barking up the wrong tree, but I know my wireless mouse scrolls all by itself if my cell phone is inbetween the IR sensor and my mouse when I receive a phonecall.

Also, does the mouse cursor actually do anything like access files? Erratic movement, or deliberate? If a security scan doesn't pick anything up, and there are no listening ports(maybe try working offline for a while to see if the problem is replicated), then it could be a software problem locally on your machine, or perhaps a physical problem.

LVL 19

Assisted Solution

PeteJThomas earned 62 total points
ID: 21824445
Several of our mice at work do something similar... They're wired etc, but somehow occasionally they go haywire, and the pointer starts erratically jumping about... As soon you disconnect/reconnect it, it stabilises! Very strange but I'm 100% it's nothing sinister (in my case I mean), it's definitely just the mouse behaving badly... lol :)

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Microsoft will be releasing the Windows 10 Creators Update in just a matter of weeks. Are you prepared? Follow these steps to ensure everything goes smoothly and you don't lose valuable data on your PC.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question