Solved

How do I find who is connecting to my desktop remotely using 3rd party software?

Posted on 2008-06-19
Last Modified: 2008-07-31
Hi,

I suspect that someone is connecting to my desktop remotely (kind of spy) without my knowledge and I would like to know who it is... Maybe the username or the IP address of the PC trying to connect to my desktop.

Question by:gilbertinigo
14 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21821913
Hi!

If you are not infected with a rootkit, check active network connections with:
"netstat -an"

to check open network connections.

If you have a rootkit installed, you would have to monitor traffic on your firewall or on a dedicated machine on the same network with a sniffer. If you have a rootkit installed, the best thing would be to re-format the computer.

"Rootkit revealer"
http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

HTH

Toni
0
 
LVL 4

Expert Comment

by:albuitra
ID: 21821942
If someone is spying on the network, you can't find them easily. Maybe he/she is using a sniffer.
But if he/she is connecting with VNC, terminal server, etc, you can use
netstat -n
and see who is connected to your pc
0
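
The check suggested in the comments above, as an added example that is not part of the original thread: a Python parser for Windows `netstat -an` output that lists established inbound sessions on the default Terminal Services (3389) and VNC (5900) ports. The sample output is constructed, and the default-port mapping is an assumption, so an agent moved to another port will not match.

```python
"""Flag inbound remote-control sessions in Windows `netstat -an` output."""
# Assumption: the services named in the thread run on their default ports.
# Review every LISTENING port you do not recognise as well.
REMOTE_CONTROL_PORTS = {3389: "Terminal Services (RDP)", 5900: "VNC"}

# Constructed sample output (documentation addresses), not a real capture.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.0.2.20:3389        192.0.2.57:49211       ESTABLISHED
  TCP    192.0.2.20:5900        192.0.2.88:50122       ESTABLISHED
  TCP    192.0.2.20:49733       198.51.100.34:443      ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skips headers, blank lines and stateless UDP rows
        yield (*split_endpoint(fields[1]), *split_endpoint(fields[2]), fields[3])

def inbound_remote_sessions(text):
    """Return [(service, remote_addr, remote_port)] for established inbound sessions."""
    return [(REMOTE_CONTROL_PORTS[lport], raddr, rport)
            for _, lport, raddr, rport, state in parse_netstat(text)
            if state == "ESTABLISHED" and lport in REMOTE_CONTROL_PORTS]

def listening_ports(text):
    """Return the sorted set of local TCP ports in LISTENING state."""
    return sorted({lport for _, lport, _, _, state in parse_netstat(text)
                   if state == "LISTENING"})

if __name__ == "__main__":
    print(inbound_remote_sessions(SAMPLE))
    print(listening_ports(SAMPLE))
```

netstat only shows connections that exist at the moment it runs, so to cover a period of time the output has to be captured repeatedly and each capture parsed.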
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 21821959
Search for any odd software on your machine - There needs to be something for the remote control software to connect to, usually an agent or something like that...

Nose about your PC a bit (look down in the system tray (bottom right corner) for icons you don't recognise, search through Add/Remove Programs in Control Panel etc.). If you're not sure about something, just post the name of it in here and someone will tell you what it is.

It's pretty darn hard to remote control someone's PC without a giveaway sign, as these pieces of software are not intended to be used as spying tools! That's where I'd start anyway...

It's also important to ask why you suspect this, as whether they're just looking at files, or actually remote controlling your desktop, use very different methods... :)

Pete
0
 

Author Comment

by:gilbertinigo
ID: 21822034
I suspect that someone is monitoring my screen activities remotely. Is there any way I can get a log of remote sessions to my PC for the last one week?
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21822063
I very honestly doubt that someone who has unauthorized access to your computer would leave a log file behind.

0
 
LVL 23

Expert Comment

by:DanCh99
ID: 21822278
Is this on a domain, or standalone? Note, if this PC belongs to your employer, then their Security or IT Dept may be permitted to monitor your PC either overtly or covertly. You should not attempt to stop this.

Are you responsible for IT Security ?  If not, you need to report this to your IT Dept.
0
 

Author Comment

by:gilbertinigo
ID: 21823315
This is on the domain. Yes, I am responsible for IT security. We have given delegated permission to our staff for some admin related tasks. Could be one of them.
Also I got complaints from some users that they suspect someone monitors their screen as well.

0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 21823562
Well let's not jump the gun too soon - What exactly is it that makes you think someone is watching? Positive it's not just paranoia?
0
 

Expert Comment

by:aspen_prop
ID: 21823626
I would ask the question "Why", as PeteJThomas did.

Why do you suspect that someone is monitoring information, whether it be by a trojan sending screenshots/keystrokes, an active remote session watching what you're doing, or a network sniffer? That answer might give a better indication as to where you should look/fix. Could it simply be an employee stealing documents with a USB thumbdrive? The answer to "why" will help us help you! :)

If it is a rootkit/trojan, I would suggest disinfecting using an uncompromised 3rd party source.
If it is a remote session, as many have said, you will see an open connection when you run netstat -n.
If it is a sniffer, then perhaps run a network audit tool to see what programs are installed over your entire domain. There are some free/trial versions out there. May not be practical for a very large network, but under 100 users is manageable to break down.

Check for strange programs that may have been installed.
Check your security event log to see whose credentials have been logged on your machine (or denied access multiple times).
0
 

Author Comment

by:gilbertinigo
ID: 21824248
I already checked the security log and I did not find anything.
While working on the computer, I suddenly noticed that my mouse is moving out of my control, just like someone moves it remotely. The same was felt by users too.

0
 

Accepted Solution

by:
aspen_prop earned 63 total points
ID: 21824417
Wired or wireless mouse? Optical or rollerball? Kind of mousepad?

I may be barking up the wrong tree, but I know my wireless mouse scrolls all by itself if my cell phone is in between the IR sensor and my mouse when I receive a phone call.

Also, does the mouse cursor actually do anything like access files? Erratic movement, or deliberate? If a security scan doesn't pick anything up, and there are no listening ports (maybe try working offline for a while to see if the problem is replicated), then it could be a software problem locally on your machine, or perhaps a physical problem.

0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 62 total points
ID: 21824445
Several of our mice at work do something similar... They're wired etc, but somehow occasionally they go haywire, and the pointer starts erratically jumping about... As soon as you disconnect/reconnect it, it stabilises! Very strange but I'm 100% it's nothing sinister (in my case I mean), it's definitely just the mouse behaving badly... lol :)
0
