We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Remote access?
Options

sjaypink
Posts: 6,740 Forumite
in Techie Stuff
Sorry if this sounds a litlle paranoid
, but a few things happening recently have lead me to wonder whether my pc- what websites I'm viewing etc- is being 'watched' by someone else?
I remember a few years back a few mates would take the p!ss out of eachother by secretly setting up eachothers pc's to be accessible to themselves via their own pc in their own home IYSWIM?
Didn't pay much notice at the time- wish I had now!
So, my Q is, how would I know if my pc is set up to allow someone else access? And if it is, how do I remove that access?
*Sorry I can't think of the exact phrase I'm after
I'm not sure it is remote access, I don't mean like key logging/ screen shot programmes- I mean someone watching what I'm doing in real time?
Any ideas? Thanks in advance! :A

I remember a few years back a few mates would take the p!ss out of eachother by secretly setting up eachothers pc's to be accessible to themselves via their own pc in their own home IYSWIM?
Didn't pay much notice at the time- wish I had now!
So, my Q is, how would I know if my pc is set up to allow someone else access? And if it is, how do I remove that access?
*Sorry I can't think of the exact phrase I'm after

Any ideas? Thanks in advance! :A
We cannot change anything unless we accept it. Condemnation does not liberate, it oppresses. Carl Jung
0
Comments
-
What you say is certainly possible with something like remote desktop, or VNC, UVNC. It is most likely that someone would have needed access to your PC to set it up though.
The easiest way to check is to scan your PC.
Scan with MalwareBytes - install, update, quick scan, fix and post the log here. Then reboot and use HijackThis - full scan, don't fix anything, just post the log.
This should tell us what if anything is going on.0 -
First of all, you need to do a port sweep of your Router in to see if there is any vulnerability i.e. Remote Desktop Port 3389 open, VNC Port 5900 Open etc.
Visit this link here: https://www.grc.com/x/ne.dll?bh0bkyd2
And follow the instructions.
Once finished post us a screen shot of the grid, minus any IP Address information of course and we shall take a look.Since when has the world of computer software design been about what people want? This is a simple question of evolution. The day is quickly coming when every knee will bow down to a silicon fist, and you will all beg your binary gods for mercy.0 -
Hi, thankyou so much for the help!
Its probably just me being stupid, but its the guy I bought the pc from- a friend of a friend, who builds/ refurbs them as a side line, is just a bit, err, odd... not in a horrible way, but just weird- and seems to be more so during periods where I use the pc for the net. I usually use my laptop, but a few times I've lent it out or its been broke, I've just felt a little creeped out..
Anyway:What you say is certainly possible with something like remote desktop, or VNC, UVNC. It is most likely that someone would have needed access to your PC to set it up though.
The easiest way to check is to scan your PC.
Scan with MalwareBytes - install, update, quick scan, fix and post the log here. .
(vendor) Hijack.DisplayProperties , (catagory) Registry Data , (items) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChangesThen reboot and use HijackThis - full scan, don't fix anything, just post the log.
This should tell us what if anything is going on.
Scan saved at 20:58:43, on 13/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)First of all, you need to do a port sweep of your Router in to see if there is any vulnerability i.e. Remote Desktop Port 3389 open, VNC Port 5900 Open etc.
Visit this link here: https://www.grc.com/x/ne.dll?bh0bkyd2
And follow the instructions.
Once finished post us a screen shot of the grid, minus any IP Address information of course and we shall take a look.
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Is that all OK?We cannot change anything unless we accept it. Condemnation does not liberate, it oppresses. Carl Jung
0 -
There doesn't seem anything obviously malicious there, although it looks like a 64bit version of Vista which may be not playing too well with HijackThis - hence all the file missing stuff - I will dig a bit deeper here.
Some comments though:
1. You have Vista service pack 1 - you should install sp2
2. Internet Explorer is 7 and not 8
3. There seems to be no Antivirus software installed0 -
Well, what do you have in place to prevent any potential hijacking? Are your anti -virus/-malware installs up-to-date? Are you running a firewall? Have you run an anti-virus check recently? Ditto anti-malware?:whistle:0
-
There doesn't seem anything obviously malicious there, although it looks like a 64bit version of Vista which may be not playing too well with HijackThis - hence all the file missing stuff - I will dig a bit deeper here.
Some comments though:
1. You have Vista service pack 1 - you should install sp2
2. Internet Explorer is 7 and not 8
3. There seems to be no Antivirus software installed
I'm not really sure what difference 1 & 2 make, but will look into that anyhow. Thank you again :AWe cannot change anything unless we accept it. Condemnation does not liberate, it oppresses. Carl Jung
0 -
Well, what do you have in place to prevent any potential hijacking? Are your anti -virus/-malware installs up-to-date? Are you running a firewall? Have you run an anti-virus check recently? Ditto anti-malware?:whistle:
. Thought there was a basic kit already on most pcs... and as this is only on the net in emergencys really I've never really thought about it! Which is the best free one do you think?
I did previously have antivira on my laptop which a friend said was good, and I never had any problems with?
On a side note, whilst I'm embarrassing myself with my lack of security, my laptops hard drive blew, so I got a new one, and had windows 7 put on it, there is an icon on there saying Windows Defender, which I assumed to be antivirus, but stupidly have never actually checked- is that Ok or do I need to put more firewall type stuff on the laptop too?We cannot change anything unless we accept it. Condemnation does not liberate, it oppresses. Carl Jung
0 -
assumed windows have a basic kit already? I take it that is not correct?
Microsoft Security Essentials also gets very decent marks here and in other forums (you will not need Defender if you install MSE).
HTH.0 -
Vista service pack 2 is an update rollup from Microsoft - too big for a normal Windows update - more of an Operating System upgrade. It's a couple of hunded MB download, but without it you are potentially missing a lot of security patches.
As Busenbust says, Vista firewall should be fine, and either Avast or Microsoft Security Essentials for AV - which one is personal choice, but you really need something.0 -
Astute advice also from davb regarding the Vista service pack :cool:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.8K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.7K Work, Benefits & Business
- 598.5K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards