What's the recommendation when catching someone logged on to your system?


7 replies to this topic

#1 raw83472


Posted 22 June 2017 - 12:30 PM

I'm a software engineer and so I'm always very careful not to open email attachments or run strange .exe's downloaded from a website... but just the other day I switched from my desktop computer to my laptop, and someone was logged in opening, rearranging, and closing windows very quickly (like they were searching for something). This scared the heck out of me and I immediately shut down my computer. I've already run Avast, Malwarebytes, HijackThis, and some other anti-rootkit tools and they didn't find anything. I also don't have any remote access tools (according to my uninstall programs list) that I know of. The Avast virus scanner (run as boot scan) found one virus on chrome_update.exe which was "VBS:Downloader-AJD". But nothing else was found by it or Malwarebytes. Also, I've since installed ZoneAlarm (Is there a better firewall?).

 

Is there anything specific I should check for in regard to remote access malware/installations?  I'm so glad I got the person in the act because they may have been able to use the browser to use my saved passwords to sites... Normally, I never have viruses since I never run weird .exes or open email attachments, and this is my personal laptop so it's not on a network either.  I'm also the only person that uses the computer.

 

Are there any programs that specifically search for remote access software (just to make sure it hasn't been installed "behind the scenes")? Or any scanners for this specific type (remote access) of trojan? I'm thinking there's got to be a tool out there somewhere that network administrators can use to scan their system for remote access tools that they don't want on their systems...

 

EDIT: I'm currently running Plumbware Anti-malware and it has found Zegost trojan on Windows/System32/ifgxtray.exe, so maybe that was the cause... it's still running so I will see if it finds anything else...

 

Thanks!


Edited by raw83472, 22 June 2017 - 01:27 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 mikey11


Posted 22 June 2017 - 02:01 PM

Are you talking about a physical person who was there using your computer?

Or was somebody controlling your computer remotely?



#3 jwoods301


Posted 22 June 2017 - 02:11 PM

I would start by checking your router's security configuration:

http://routersecurity.org/checklist.php

Test on the following sites:

  • Shields Up!: https://grc.com/x/ne.dll?bh0bkyd2
  • SpeedGuide: http://www.speedguide.net/scan.php



#4 raw83472

  • Topic Starter

Posted 22 June 2017 - 02:34 PM

> Are you talking about a physical person who was there using your computer?
>
> Or was somebody controlling your computer remotely?

Someone was using it remotely.  What happened was I was using my desktop computer, and then switched over to using my laptop (using a display switch), and there was someone using it remotely.  They were making windows smaller and doing things very quickly like they were looking for something (windows I immediately recognized and already had opened).  I immediately shut off the computer.  Since then I've been using ZoneAlarm.


Edited by raw83472, 22 June 2017 - 02:34 PM.


#5 buddy215

  • Moderator

Posted 23 June 2017 - 08:18 AM

What the heck is Plumbware....? Where the heck did you get that from? How long has it been on your computer?


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 raw83472

  • Topic Starter

Posted 23 June 2017 - 10:25 AM

> What the heck is Plumbware....? Where the heck did you get that from? How long has it been on your computer?

Actually, it was Plumbytes, sorry.  Happen to know of any software that searches specifically for RATS or installed remote access software?



#7 mikey11


Posted 23 June 2017 - 10:34 AM

> > What the heck is Plumbware....? Where the heck did you get that from? How long has it been on your computer?
>
> Actually, it was Plumbytes, sorry.  Happen to know of any software that searches specifically for RATS or installed remote access software?

Never heard of it, but the reviews I have seen are very sketchy. I would remove it and load Malwarebytes Anti-Malware.

After you do that, I would download and run ADWCleaner.

After you run ADWCleaner, update and run Malwarebytes.



#8 dc3


Posted 23 June 2017 - 11:25 AM

The Zegost trojan is a backdoor Trojan.  Backdoor Trojans are so dangerous because they have the potential to allow remote administration of your system. As if a hacker were sitting at your keyboard, only worse. There’s almost no limit to what they can do. Some common uses:

  • Use your system and Internet connection to send spam (yes, the majority of spam is now generated by infected systems).
  • Steal your online and offline passwords, credit card numbers, address, phone number, and other information stored on your computer that could be used for identity theft, or other financial fraud.
  • Log your activity, read email, view and download contents of documents, pictures, videos and other private data.
  • Use your computer and Internet connection, in conjunction with others, to launch Distributed Denial of Service (DDoS) attacks.
  • Modify system files, disable antivirus, delete files, change system settings, to cover tracks, or just to wreak havoc.

 

I would suggest starting a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum. In order to do this you should use the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Just follow the instructions there and post the logs that you will create.

 

Once you have posted in this forum you should not post anything further there until one of the Malware Removal Team members addresses your topic.  These members are constantly in demand so it may take a day or so for one to address your topic.  Please have patience.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
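
A first-pass check for the question this thread asks (is anything on the machine offering or holding remote access?), as an added example that is not part of any poster's reply. It assumes Windows 8 or later with the built-in `Get-NetTCPConnection`, `Get-Process`, `Get-AuthenticodeSignature` and `Get-ItemProperty` cmdlets; the variable names are illustrative.

```powershell
# Added triage example, not from the thread. Run from an elevated PowerShell
# prompt on Windows 8 / Server 2012 or later (Get-NetTCPConnection is required).

# 1. Map every listening or established TCP socket to the process that owns it.
$sockets = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $path = $proc.Path   # empty for protected system processes
        $sig  = if ($path) {
            (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
        } else { 'NoPath' }
        [pscustomobject]@{
            State     = $_.State
            Local     = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            ProcessId = $_.OwningProcess
            Process   = $proc.ProcessName
            Path      = $path
            Signature = $sig
        }
    }

# 2. Everything that is on the network, for reference.
$sockets | Sort-Object Process, State | Format-Table -AutoSize

# 3. Leads to investigate: network-active binaries without a valid signature.
$sockets | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Path, Local -Unique |
    Format-Table Process, ProcessId, Path, Local, Remote, Signature -AutoSize

# 4. Is the built-in Remote Desktop listener enabled? (0 = enabled, 1 = disabled)
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
'Remote Desktop enabled: {0}' -f ($deny -eq 0)
```

A row in step 3 is a lead to look into, not a verdict: legitimate programs can be unsigned, and a backdoor that hides itself from the operating system will not show up in this output.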
