
Remote access?

Sorry if this sounds a little paranoid :o, but a few things happening recently have led me to wonder whether my pc- what websites I'm viewing etc- is being 'watched' by someone else?

I remember a few years back a few mates would take the p!ss out of each other by secretly setting up each other's PCs to be accessible to themselves via their own pc in their own home IYSWIM?

Didn't pay much notice at the time- wish I had now!

So, my Q is, how would I know if my pc is set up to allow someone else access? And if it is, how do I remove that access?

*Sorry I can't think of the exact phrase I'm after :o I'm not sure it is remote access, I don't mean like key logging/ screen shot programmes- I mean someone watching what I'm doing in real time?

Any ideas? Thanks in advance! :A
We cannot change anything unless we accept it. Condemnation does not liberate, it oppresses. Carl Jung

Comments

  • davb
    davb Posts: 1,293 Forumite
    What you say is certainly possible with something like remote desktop, or VNC, UVNC. It is most likely that someone would have needed access to your PC to set it up though.

    The easiest way to check is to scan your PC.
    Scan with MalwareBytes - install, update, quick scan, fix and post the log here. Then reboot and use HijackThis - full scan, don't fix anything, just post the log.
    This should tell us what if anything is going on.
  • PROLIANT
    PROLIANT Posts: 6,396 Forumite
    First of all, you need to do a port sweep of your router to see if there is any vulnerability i.e. Remote Desktop Port 3389 open, VNC Port 5900 open etc.

    Visit this link here: https://www.grc.com/x/ne.dll?bh0bkyd2

    And follow the instructions.

    Once finished post us a screen shot of the grid, minus any IP Address information of course and we shall take a look.
    Since when has the world of computer software design been about what people want? This is a simple question of evolution. The day is quickly coming when every knee will bow down to a silicon fist, and you will all beg your binary gods for mercy.
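
An added example, not part of any post in this thread: the external port check above only shows what the router exposes to the internet, so this Python sketch looks at the PC itself by parsing `netstat -ano` output for the two ports named in the post. The sample output and all function names are constructed for illustration.

```python
# Ports named in the post above; extend the map for other tools you care about.
WATCHED = {3389: "Remote Desktop (RDP)", 5900: "VNC"}

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       2310
  TCP    192.168.1.20:49180     203.0.113.7:443        ESTABLISHED     3012
  TCP    192.168.1.20:5900      192.168.1.77:51022     ESTABLISHED     2310
  TCP    [::]:3389              [::]:0                 LISTENING       1204
  UDP    0.0.0.0:5355           *:*                                    1100
"""

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::]:80' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def remote_access_sockets(netstat_text):
    """Return TCP sockets on watched ports that are listening or in use."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, foreign, state, pid = fields
        host, port = split_endpoint(local)
        if port not in WATCHED or state not in ("LISTENING", "ESTABLISHED"):
            continue
        findings.append({
            "service": WATCHED[port],
            "port": port,
            "state": state,
            "pid": int(pid),  # look this PID up in Task Manager
            # A listener bound only to loopback cannot be reached from the LAN.
            "reachable_from_network": host not in ("127.0.0.1", "::1"),
            # For an active session, the address of the machine connected in.
            "peer": foreign if state == "ESTABLISHED" else None,
        })
    return findings

if __name__ == "__main__":
    for finding in remote_access_sockets(SAMPLE):
        print(finding)
```

To use it on a real machine, save the output of `netstat -ano` to a text file and pass its contents to `remote_access_sockets`.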
  • sjaypink
    sjaypink Posts: 6,740 Forumite
    edited 13 January 2010 at 10:07PM
    Hi, thank you so much for the help!
    It's probably just me being stupid, but it's the guy I bought the pc from- a friend of a friend, who builds/ refurbs them as a side line, is just a bit, err, odd... not in a horrible way, but just weird- and seems to be more so during periods where I use the pc for the net. I usually use my laptop, but a few times I've lent it out or it's been broke, I've just felt a little creeped out.. :o
    Anyway:
    davb wrote: »
    What you say is certainly possible with something like remote desktop, or VNC, UVNC. It is most likely that someone would have needed access to your PC to set it up though.

    The easiest way to check is to scan your PC.
    Scan with MalwareBytes - install, update, quick scan, fix and post the log here.
    I can't seem to select the text or screen shot this one, but it says it's just found one thing:
    (vendor) Hijack.DisplayProperties , (category) Registry Data , (items) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    davb wrote: »
    Then reboot and use HijackThis - full scan, don't fix anything, just post the log.
    This should tell us what if anything is going on.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:58:43, on 13/01/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18349)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Program Files (x86)\Internet Explorer\ieuser.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    O13 - Gopher Prefix:
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    PROLIANT wrote: »
    First of all, you need to do a port sweep of your router to see if there is any vulnerability i.e. Remote Desktop Port 3389 open, VNC Port 5900 open etc.

    Visit this link here: https://www.grc.com/x/ne.dll?bh0bkyd2

    And follow the instructions.

    Once finished post us a screen shot of the grid, minus any IP Address information of course and we shall take a look.

    Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

    Is that all OK?

  • davb
    davb Posts: 1,293 Forumite
    There doesn't seem anything obviously malicious there, although it looks like a 64bit version of Vista which may be not playing too well with HijackThis - hence all the file missing stuff - I will dig a bit deeper here.
    Some comments though:
    1. You have Vista service pack 1 - you should install sp2
    2. Internet Explorer is 7 and not 8
    3. There seems to be no Antivirus software installed
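
An added example, not part of any post in this thread: a Python sketch that triages the O4 (autostart) and O23 (service) lines of a HijackThis log for the remote-control tools named earlier and sorts the "(file missing)" entries. HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows its view of `System32` is redirected, so native 64-bit service binaries there are reported missing even though they exist. The sample log lines, the `ExampleAV` entry and the function names are constructed for illustration.

```python
import re

# Substrings of remote-control tools named in the thread (VNC, UVNC).
REMOTE_TOOLS = ("vnc",)
ENTRY = re.compile(r"^(O4|O23) - (.*)$")

# Constructed sample in the HijackThis log format (not the poster's log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files (x86)\UltraVNC\winvnc.exe"
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: ExampleAV - Unknown owner - C:\Program Files (x86)\ExampleAV\svc.exe (file missing)
O23 - Service: uvnc_service - UltraVNC - C:\Program Files (x86)\UltraVNC\winvnc.exe
"""

def triage(log_text):
    """Return (verdict, section, target) for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        missing = body.endswith("(file missing)")
        # The target is the last " - " field of an O23 line and everything
        # after "] " on an O4 line.
        if section == "O23":
            target = body.rsplit(" - ", 1)[-1]
        else:
            target = body.split("] ", 1)[-1]
        target = target.replace("(file missing)", "").strip('" ')
        if any(tool in body.lower() for tool in REMOTE_TOOLS):
            verdict = "remote-access tool"
        elif missing and "\\windows\\system32\\" in target.lower():
            verdict = "missing: likely 64-bit redirection artifact"
        elif missing:
            verdict = "missing: confirm on disk"
        else:
            continue
        findings.append((verdict, section, target))
    return findings

if __name__ == "__main__":
    for verdict, section, target in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict:45} {target}")
```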
  • busenbust
    busenbust Posts: 4,782 Forumite
    Well, what do you have in place to prevent any potential hijacking? Are your anti -virus/-malware installs up-to-date? Are you running a firewall? Have you run an anti-virus check recently? Ditto anti-malware?:whistle:
  • sjaypink
    sjaypink Posts: 6,740 Forumite
    davb wrote: »
    There doesn't seem anything obviously malicious there, although it looks like a 64bit version of Vista which may be not playing too well with HijackThis - hence all the file missing stuff - I will dig a bit deeper here.
    Some comments though:
    1. You have Vista service pack 1 - you should install sp2
    2. Internet Explorer is 7 and not 8
    3. There seems to be no Antivirus software installed
    That's very kind of you for pointing that out- I rarely use it for the net, so have never downloaded antivira or similar, assumed windows have a basic kit already? I take it that is not correct? :o

    I'm not really sure what difference 1 & 2 make, but will look into that anyhow. Thank you again :A

  • sjaypink
    sjaypink Posts: 6,740 Forumite
    busenbust wrote: »
    Well, what do you have in place to prevent any potential hijacking? Are your anti -virus/-malware installs up-to-date? Are you running a firewall? Have you run an anti-virus check recently? Ditto anti-malware?:whistle:
    Again, am obviously really dopey with all this :o. Thought there was a basic kit already on most pcs... and as this is only on the net in emergencies really I've never really thought about it! Which is the best free one do you think?

    I did previously have antivira on my laptop which a friend said was good, and I never had any problems with?
    On a side note, whilst I'm embarrassing myself with my lack of security, my laptop's hard drive blew, so I got a new one, and had windows 7 put on it, there is an icon on there saying Windows Defender, which I assumed to be antivirus, but stupidly have never actually checked- is that OK or do I need to put more firewall type stuff on the laptop too?

  • busenbust
    busenbust Posts: 4,782 Forumite
    edited 13 January 2010 at 10:53PM
    assumed windows have a basic kit already? I take it that is not correct? :o
    Windows XP has a very basic firewall; Windows 7 has a far more comprehensive firewall :cool:; people's opinions on what is the best possible anti -virus/-malware solution differ on this forum. Myself? Avast (anti-virus), Windows Defender (anti-malware); and I use Firefox with the excellent NoScript add-on. Microsoft Security Essentials also gets very decent marks here and in other forums (you will not need Defender if you install MSE).

    HTH.
  • davb
    davb Posts: 1,293 Forumite
    Vista service pack 2 is an update rollup from Microsoft - too big for a normal Windows update - more of an Operating System upgrade. It's a couple of hundred MB download, but without it you are potentially missing a lot of security patches.

    As Busenbust says, Vista firewall should be fine, and either Avast or Microsoft Security Essentials for AV - which one is personal choice, but you really need something.
  • busenbust
    busenbust Posts: 4,782 Forumite
    Astute advice also from davb regarding the Vista service pack :cool:
This discussion has been closed.