Remote attack suspected

[thelostscotsman]

I suspect that I am being remotely accessed. Recently when leaving my laptop on standby, it has started to turn itself on. Resuming reaches the logon screen but does not proceed from there.

Once, when trying to shut down at this stage, I was prompted with a warning message. I dont remember the exact wording or the warning but it was along the lines of "are you sure you want to shut down all users from this computer".

I am the sole user of the computer and administrator. I do not have the guest account option enabled, and have never had. For log in I have the simple log in enabled, not the secure option which requires both the username and password to be typed in. I have the windows firewall enabled and am running AVG antivirus software.

Is there any kind of test I can run, or some kind of options to check to see whether someone is remotely accessing my computer? Any help would be appreciated.

 

[Buzz1927]

Post a Hijackthis log.
http://www.computerforum.com/showthread.php?t=24672

 

[dave597]

pull the internet cable out when u switch it off..

and go into bios and check nothing is making it switch on e.g. alarms, power up on lan etc..

 

[davidireland]

Download Zone Alarm firewall. Windows f/w sucks to be quite honest.

Zone alarm will tell you if your computer is being accessed. It will also give the IP of the accessor (if thats a word haha) so you can trace it.

Direct Link To Download

 

[Christian Darrall]

id say pull the internet out first and block all means of output and then leave it upright and on standby and then see in the morning. if its on, its a pc prob. but if no, then Zone alarm the answer.

 

[Jerkstore]

Just write a little batch script that writes the date and time to a file when certain users log onto your machine.

Zone Alarm is a joke...it's one of the easiest firewalls to bypass along with the windows firewall.

Set up logging on each user account through administration tools or something. Chances are, you aren't being remotely accessed. Perhaps maybe over your LAN if you are conected to one (in which case it's considered a trusted source, so your "firewall" is useless). Make sure you have RPC disabled, maybe change your administrator name and add a limited usage account called Administrator as a fake. Turn off file sharing and remote administration and make sure you have GOOD passwords.