Rogue remote control identification
Posted on 2011-09-02
We had a report from an end-user this morning about a rogue remote control session on her PC. The user witnessed the remote session reading e-mails and then shutting down her PC.
I've checked the event logs and there's nothing there, and have also ran a number of anti-spyware tools (CA, AVG, MalwareBytes, Spybot Search & Destroy) and none of them have found anything malicious.
What else can I check to identify the cause and source of the intrusion?