remote desktop or such?

plus

How can you tell if someone has access to your PC remotely, or somehow knows everything you do on a PC, such as you'd expect via a keylogger or something? This is a family PC; others have access to it (teens, their friends, and their not-so-friendly friends, I suppose), and that must stay that way, but I have scoured the files, hidden or otherwise, and find no trace of such a program, and neither does Spybot, and yet I know that other people (who are not at my location) know exactly what site I am on at certain times. How can that be? I am unable to format at this time, and replacing the PC is not an option at the moment. Can anyone help please?

*****
Oh yes, I forgot some necessary information. It is XP Professional; it is directly connected to a wireless router that is picked up by 2 laptops within the household, and is detectable (just barely) outside the home, but not much further. Signal access is seriously encrypted; I have Panda Platinum protection in addition to Spybot w/ Tea Timer. Just recently I have been getting external TCP intrusion attempts by 2 files (as per Panda's notification dialog box), 91.tmp and shellstylewow.exe; I deny the connection attempts when I am sitting here, but I have found them running in memory in this system a couple of times recently, which suggests to me that someone else, maybe a 'visitor', is allowing these files access (I would delete the processes and reboot, thereby removing them for the time being).

I use Opera, Firefox, sometimes Chrome or Avant, for browsing; I virtually never use IE. I do not surf porn or warez sites; there is a LimeWire version on this PC but it has not been used in ages.

There were 2 replies to this prior to this additional block of information contained between ******

Thanks for any help :)
 
For starters......Do you have an AV in place providing real-time protection? Firewall? If you are working wireless, do you have security such as WPA2 encryption? Is the router password protected?

Spybot is OK to a point if you are also using Tea Timer but try scanning with Malwarebytes.

I would delete all permissions from the firewall, AV, anti-malware and start from scratch using a password to give permissions. Anyone could have set a permission to connect or send information out. You could start off without a password for convenience; do all your normal connections/apps/sites giving permissions; then put passwords in place. Keep your Windows User and Admin passwords confidential so nobody can log into those accounts. Limit the capabilities of kids to change the system.

You have to educate the family that they cannot let others use the PC however they want. There has to be some control. It only needs one person to mess things up.
 
There are system settings that you can configure that will allow you to lock people from connecting remotely to your computer. I have all the Windows settings set to deny remote connection, and if I need to I use a third-party utility such as TeamViewer or logmein.com. For the keylogger, I would recommend you run Malwarebytes, and if that doesn't come back with anything, you would run SUPERAntiSpyware. They are both very good programs to run.
 
Another security issue is all the data you leave on the PC when you use it. Recently used programs, browser history, favourites, unsecured passwords. Very easy to view if someone has access to your User account.

If you have nothing in place, security is a broad subject. Family security is more difficult than a single user. There are plenty of guides and freeware available. I would divide roughly as follows:

Firewall
Anti-Virus
Anti-Malware
Windows accounts and security
Password security
Wireless security
Browser history security
Browser habits
User responsibilities
Download etiquette
Windows updates
Security updates
 
...
I would delete all permissions from the firewall, AV, anti-malware and start from scratch using a password to give permissions. Anyone could have set a permission to connect or send information out. You could start off without a password for convenience; do all your normal connections/apps/sites giving permissions; then put passwords in place. Keep your Windows User and Admin passwords confidential so nobody can log into those accounts. Limit the capabilities of kids to change the system.

You have to educate the family that they cannot let others use the PC however they want. There has to be some control. It only needs one person to mess things up.

I do understand what you're saying there, but the password access is none for the os us. As far as the firewall, I have previously done that less-than-exciting task per program access/port/times/etc.

The original question still remains: is there no way to determine what program may be attempting access, or is achieving access? Can simply shutting down remote access within Administrative Tools prevent such a program from getting access, or can it be done anyway by exploiting a weakness within a browser? Or does shutting down that "right" within Windows services eliminate that from being able to happen?
 
If you are having persistent intrusions and you have set the Panda firewall to block them, they should not be getting in whether you are there or not. I don't have my firewall inform me of connection attempts.

If you find those processes running, you should be able to create a rule in Panda to stop them running. I'm not familiar with the app so I can't tell you how. You could then check the log to see when the processes were blocked, if at all, and if there is a pattern. If the rules disappear, then you know it's someone at the PC.

One problem I already mentioned is that if someone has created a rule for the firewall (eg accept all traffic from a MAC address or IP range) then that will get through. That's why I suggested you delete all rules to date and start over giving permissions as you go. Alternatively go through all the existing rules making sure you know what each one is.
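An added example, not part of any post in this thread: one way to see which program owns each TCP connection is to join the output of `netstat -ano` with `tasklist /FO CSV /NH` on the PID. The sample output, addresses and PIDs below are constructed, and the two flagging heuristics (a listener on the Remote Desktop port 3389, and an established connection owned by an image that is not an .exe, like the 91.tmp named above) are assumptions for illustration.

```python
import csv
import io

# Constructed `netstat -ano` output (documentation-range addresses, made-up PIDs).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2140
  TCP    192.168.1.10:1051      198.51.100.23:8080     ESTABLISHED     3388
  UDP    0.0.0.0:1900           *:*                                    1180
"""
# Constructed `tasklist /FO CSV /NH` output; 91.tmp is the image name from the thread.
TASKLIST = """\
"System","4","Console","0","236 K"
"svchost.exe","924","Console","0","4,312 K"
"svchost.exe","1012","Console","0","3,900 K"
"firefox.exe","2140","Console","0","88,204 K"
"91.tmp","3388","Console","0","1,540 K"
"""

def pid_to_image(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def tcp_sockets(netstat_text):
    """Yield TCP rows; UDP rows have no State column and are skipped."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            yield {"local": f[1], "remote": f[2], "state": f[3], "pid": int(f[4])}

def review(netstat_text, tasklist_csv):
    """Return (image, pid, remote, reason) for sockets worth a closer look."""
    images = pid_to_image(tasklist_csv)
    findings = []
    for s in tcp_sockets(netstat_text):
        image = images.get(s["pid"], "<unknown>")
        port = s["local"].rsplit(":", 1)[1]
        if s["state"] == "LISTENING" and port == "3389":
            findings.append((image, s["pid"], s["remote"], "Remote Desktop port is listening"))
        # The kernel "System" process (PID 4) legitimately has no .exe suffix.
        elif s["state"] == "ESTABLISHED" and s["pid"] != 4 \
                and not image.lower().endswith(".exe"):
            findings.append((image, s["pid"], s["remote"], "connection owned by non-.exe image"))
    return findings

if __name__ == "__main__":
    for finding in review(NETSTAT, TASKLIST):
        print(finding)
```

On a live machine the two command outputs would be saved to text files and passed to `review()` in place of the constructed samples.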
 
Hey, thanks Nanobyte;

I did manage to isolate the (as it were) trojans' infected files scattered across the registry and/or system files & quarantine them. I have also blocked the 'to date' known files from any TCP access via the firewall (what they were from I don't know, but it doesn't much matter now), and disabled the Panda firewall, sticking with just my very configurable firewall from my 'old' router mfr (Cisco). I reassigned ports to programs requiring access, and restricted any other attempt. Finally I created 256-bit keys for access to the wireless network for the 2 laptops in use, then encrypted the files containing this information on their respective users' profiles & required password logon/change password every 15 days for their machines, with auto-logoff after brief non-use, and instructed them to keep their passwords to themselves if they would like to avoid the downtime that we experienced this time around. Lastly, although they do have local install privilege, port access is not configurable by Windows; rather, I must personally make a change, no one else has access.

So maybe a full nuclear counter-attack was unnecessary, but I think I took care of the situation. Thanks so much for your thoughtful help & ideas :)
 
You should run HiJackThis and post the log in this forum. I won't be analyzing it. Here is an excerpt from johnb35's routine spiel:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.
Click Do a system scan and save a logfile
Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.
Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

I add my own note - if there is anything confidential in the log, edit the log and use XXXX etc. to replace the sensitive information. The fewer edits the better.

You should also post the log from your Malwarebytes scan.
 