Thread: Hidden Remote Monitoring

  1. #1
    carrier Guest

    Hidden Remote Monitoring

    HELP!

    I suspect an old b/f of accessing and monitoring my computer from a remote location.
    He would have had to previously send some type of remote installed keylogger or screen shot saver, or is connecting to my computer directly.
    I have the Zone Alarm but how can I tell when and how he is connected? I tried netstat and running other programs but since this is not my area I don't know where to look first.
    His business is computer software and programming so he has TONS of resources to pull this off.
    He has never had access to my actual computer so anything he is doing would have been done remotely.
    PLEASE HELP!

    :-(

    Operating System:
    Windows XP Home Edition
    Product Name:
    ZoneAlarm Internet Security Suite


    Message Edited by CarrieR on 04-03-2008 12:09 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Hidden Remote Monitoring

    Chances are if he never had physical access to your PC, then he did not install a hardware keylogger (device connected to the PC or the monitor or the keyboard) or do some installation of some kind.
    Unless... you opened a risky attachment or email from him, received a file from him in the messenger, installed something from a web site/server personally recommended by him.

    If there is some software keylogger installed, it will be very quiet with no activity for maybe weeks and then report quickly in a flurry of networking activity either by a predetermined time/date or by remote control.


    Most immediate steps:

    Do a complete antivirus and antispyware scan and with everything else you got going. Good chance (maybe 90 per cent) that the PC is clean of any keylogger.

    Change your passwords and logins and user accounts of everything- your email, all forums, logins, messengers, banks, shopping sites, etc.
    If really concerned, then create new email and messenger accounts and drop the old accounts. In other words, cut him off.
    Still worried? then change internet providers and never give away your identity online on any site. Or at least ask your presently used internet provider to give you a new IP.

    If you know his IP or his provider, you could block this off in the ZA.

    Open your router and disable the Remote login, disable the Reply to Ping, change the default password and login name to something else, and disable the UPnP. Easy to do and effective way to secure the router.

    If you are still very concerned, then just wipe the hdd and install windows completely fresh. This is a clean slate and no suspect files or programs. But it is a little extreme to say the least.

    Wipe the drive using DBAN. Just burn the image (.iso) file to a CD using InfraRecorder.

    Then unplug the PC ethernet connection or disable the modem or the modem and router.
    Then boot from the media drive not the hard disk drive. You probably will have to get into the PC's BIOS and change the boot order to get a boot from the media drive listed first. Then once the CD starts, then use the maximum settings to wipe the drive. This may take days depending on the size of the drive.
    Then once the CD is finished, PULL THE POWER CORD FROM THE PC OR THE WALL SOCKET. Yes ...kill the power all at once.
    This will kill any remaining trojan or rootkit that is surviving in the PC's memory.
    Next flash the BIOS. This will kill any possible trojan and rootkit hiding in the BIOS itself. You will need to download the BIOS from the vendor's web site or the motherboard's web site, if you do not have it handy on a USB or floppy disk.

    Now the PC is perfectly clean just like it was brand new.

    Now format the drive to NTFS (you may want to first create partitions if this is a pure windows CD/DVD disk) and install the windows and then the drivers. Or if a recovery disk, then let it format the drive and install both the drivers and windows all at the same time. Do this while the PC is off line not connected to the modem or the router.

    Once it is finished, connect the PC back to the modem (or modem and router), get windows registered and install the security applications and get all the windows updates installed.
    Now it is fresh and clean and ready for you.

    Oldsod
    Best regards.
    oldsod
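
For the netstat part of the question, an added example (not written by either poster): a Python script that reads `netstat -ano` output and groups by process ID the established connections to addresses outside the local network and the ports listening on every interface. The sample output, its addresses and the function names are constructed for this example.

```python
import ipaddress
from collections import defaultdict
# Treated as local: loopback, RFC 1918 private, link-local, unspecified.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "0.0.0.0/32")]

# Constructed sample of `netstat -ano` output; remote addresses are documentation ranges.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2212
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1500
  TCP    192.168.1.10:1045      203.0.113.25:443       ESTABLISHED     1820
  TCP    192.168.1.10:5900      198.51.100.7:51515     ESTABLISHED     2212
  UDP    0.0.0.0:445            *:*                                    4
"""

def is_external(addr):
    """True if the host part of 'ip:port' lies outside the local ranges."""
    host = addr.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # '*' on UDP rows, bracketed IPv6 entries
        return False
    return not any(ip in net for net in LOCAL_NETS)

def parse(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield tuple(f)
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            yield (f[0], f[1], f[2], "", f[3])

def review(text):
    """Return (external established connections, all-interface listeners), keyed by PID."""
    established, listening = defaultdict(list), defaultdict(list)
    for proto, local, remote, state, pid in parse(text):
        if state == "ESTABLISHED" and is_external(remote):
            established[pid].append((local, remote))
        elif state == "LISTENING" and local.startswith("0.0.0.0:"):
            listening[pid].append(int(local.rsplit(":", 1)[1]))
    return dict(established), dict(listening)

if __name__ == "__main__":
    print(review(SAMPLE))
```

Save real output with `netstat -ano > netstat.txt`, pass the file's text to `review`, and match each PID against the PID column in Task Manager to see which program owns the connection.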
