How do I find who is connecting to my desktop remotely using 3rd party software?

Posted on 2008-06-19
Last Modified: 2008-07-31

I suspect that someone is connecting to my desktop remotely (kind of spy) without my knowledge and I would like to know who it is... Maybe the username or the IP address of the PC trying to connect to my desktop.

Question by:gilbertinigo
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21821913

If you are not infected with a rootkit, check active network connections with:
"netstat -an"

to check open network connections.

If you have a rootkit installed, you would have to monitor traffic on your firewall or on a dedicated machine on the same network with a sniffer. If you have a rootkit installed, the best thing would be to re-format the computer.

"Rootkit revealer"



Expert Comment

ID: 21821942
If someone is spying on the network, you can't find that out easily. Maybe he/she is using a sniffer.
But if he/she is connecting with VNC, terminal server, etc, you can use
netstat -n
and see who is connected to your pc
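
Added example, not part of any post in this thread: a small parser that reads `netstat -an` output and reports peers connected to local Terminal Services or VNC ports, the cases mentioned above. The port list and the sample output are assumptions constructed for illustration.

```python
# Added example: flag inbound remote-control sessions in `netstat -an` output.
# The port list is an assumption; extend it with the tools used at your site.
REMOTE_CONTROL_PORTS = {
    3389: "Terminal Services / RDP",
    5900: "VNC",
    5800: "VNC (Java viewer)",
}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    10.0.0.20:3389         10.0.0.77:51234        ESTABLISHED
  TCP    10.0.0.20:5900         10.0.0.45:49822        ESTABLISHED
  TCP    10.0.0.20:49710        192.0.2.10:443         ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::]:3389 work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None

def remote_control_sessions(netstat_text):
    """Return (listening services, [(service, remote_ip, state), ...])."""
    listeners, sessions = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four fields; UDP rows have no State column and are skipped.
        if len(fields) != 4 or not fields[0].upper().startswith("TCP"):
            continue
        _, local, foreign, state = fields
        _, local_port = split_endpoint(local)
        remote_ip, _ = split_endpoint(foreign)
        if local_port not in REMOTE_CONTROL_PORTS:
            continue
        service = REMOTE_CONTROL_PORTS[local_port]
        if state == "LISTENING":
            listeners.append(service)   # an agent is waiting for connections
        else:
            sessions.append((service, remote_ip, state))  # a peer is attached
    return listeners, sessions

if __name__ == "__main__":
    listeners, sessions = remote_control_sessions(SAMPLE)
    print("Listening remote-control services:", listeners)
    for service, ip, state in sessions:
        print(f"{service}: peer {ip} ({state})")
```

Only sessions open at the moment `netstat` runs appear, and, as noted earlier in the thread, a rootkit can hide connections from `netstat`.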
LVL 19

Expert Comment

ID: 21821959
Search for any odd software on your machine - There needs to be something for the remote control software to connect to, usually an agent or something like that...

Nose about your PC a bit (look down in the system tray (bottom right corner) for icons you don't recognise, search through Add/Remove Programs in Control Panel etc.). If you're not sure about something, just post the name of it in here and someone will tell you what it is.

It's pretty darn hard to remote control someone's PC without a giveaway sign, as these pieces of software are not intended to be used as spying tools! That's where I'd start anyway...

It's also important to ask why you suspect this, as whether they're just looking at files, or actually remote controlling your desktop, use very different methods... :)



Author Comment

ID: 21822034
I suspect that someone is monitoring my screen activities remotely. Is there any way I can get a log of remote sessions to my PC for the last one week?
LVL 31

Expert Comment

by:Toni Uranjek
ID: 21822063
I very honestly doubt that someone who has unauthorized access to your computer would leave a log file behind.

LVL 23

Expert Comment

by:Danny Child
ID: 21822278
Is this on a domain, or standalone? Note, if this PC belongs to your employer, then their Security or IT Dept may be permitted to monitor your PC either overtly or covertly. You should not attempt to stop this.

Are you responsible for IT Security ?  If not, you need to report this to your IT Dept.

Author Comment

ID: 21823315
This is on the domain. Yes, I am responsible for IT security. We have given delegated permission to our staff for some admin related tasks. Could be one of them.
Also I got complaints from some users that they suspect someone monitors their screen as well.

LVL 19

Expert Comment

ID: 21823562
Well, let's not jump the gun too soon - What exactly is it that makes you think someone is watching? Positive it's not just paranoia?

Expert Comment

ID: 21823626
I would ask the question "Why", as PeteJThomas did.

Why do you suspect that someone is monitoring information, whether it be by a trojan sending screenshots/keystrokes, an active remote session watching what you're doing, or a network sniffer? That answer might give a better indication as to where you should look/fix. Could it simply be an employee stealing documents with a USB thumbdrive? The answer to "why" will help us help you! :)

If it is a rootkit/trojan, I would suggest disinfecting using an uncompromised 3rd party source.
If it is a remote session, as many have said, you will see an open connection when you run netstat -n.
If it is a sniffer, then perhaps run a network audit tool to see what programs are installed over your entire domain. There are some free/trial versions out there. May not be practical for a very large network, but under 100 users is manageable to break down.

Check for strange programs that may have been installed
Check your security event log to see whose credentials have been logged on your machine (or denied access multiple times).

Author Comment

ID: 21824248
I already checked the security log and I did not find anything.
While working on the computer, I suddenly noticed that my mouse is moving out of my control, just like someone moves it remotely. The same was felt by users too.


Accepted Solution

aspen_prop earned 63 total points
ID: 21824417
Wired or wireless mouse? Optical or rollerball? Kind of mousepad?

I may be barking up the wrong tree, but I know my wireless mouse scrolls all by itself if my cell phone is in between the IR sensor and my mouse when I receive a phone call.

Also, does the mouse cursor actually do anything like access files? Erratic movement, or deliberate? If a security scan doesn't pick anything up, and there are no listening ports (maybe try working offline for a while to see if the problem is replicated), then it could be a software problem locally on your machine, or perhaps a physical problem.

LVL 19

Assisted Solution

PeteJThomas earned 62 total points
ID: 21824445
Several of our mice at work do something similar... They're wired etc, but somehow occasionally they go haywire, and the pointer starts erratically jumping about... As soon as you disconnect/reconnect it, it stabilises! Very strange but I'm 100% it's nothing sinister (in my case I mean), it's definitely just the mouse behaving badly... lol :)


Question has a verified solution.
