Identify source of PC remote control



#1 Patrickjacquet


Posted 16 July 2018 - 06:22 AM

Hello all,

I apologize for this long post in advance :-)

I am the system admin of a company where we have a few PCs with confidential information being accessed by unauthorized employees.

We have received a confirmation that a silent remote viewer tool is installed on these PCs on demand, and it is then uninstalled after the viewing session by the spy.

This software is apparently very silent and does not leave traces.
Looks like our AV is not detecting this activity, maybe its configuration was compromised?

I do NOT want to block this fraudulent activity at this point in time.
Instead, I want to continue allowing it and capture all TCP incoming connections to this PC, so that we can then trace back to a PC and its user.

I would like this software to be as silent / invisible as possible.
It does not need to be free, happy to buy what makes sense.

Would you have any suggestion?

Worst case I can play with netstat scripts but I would rather prefer a commercial solution if one already exists...

Thank you guys in advance!

Patrick



#2 midimusicman79


Posted 16 July 2018 - 11:30 AM

Hi, Patrick and Welcome to BC!

I would recommend Wireshark, which is available from here:

https://www.wireshark.org/

Good luck! :)

Regards,
midimusicman79

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.
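Added example, not part of either post: a sketch of the "netstat script" fallback mentioned in the question, which parses Windows `netstat -ano` output and logs each new inbound TCP peer with the owning PID. The sample output, addresses, ports and the function names (`split_endpoint`, `inbound_connections`, `log_new`) are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       4312
  TCP    10.0.0.20:5900         10.0.0.57:50122        ESTABLISHED     4312
  TCP    10.0.0.20:49731        198.51.100.7:443       ESTABLISHED     2200
  TCP    [fe80::1%4]:135        [fe80::9%4]:51000      ESTABLISHED     884
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def inbound_connections(netstat_text):
    """ESTABLISHED TCP rows whose local port is also LISTENING (peer connected to us)."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            rows.append((split_endpoint(f[1]), split_endpoint(f[2]), f[3], int(f[4])))
    listening = {local[1] for local, _, state, _ in rows if state == "LISTENING"}
    return [
        {"local_port": local[1], "remote_addr": remote[0],
         "remote_port": remote[1], "pid": pid}
        for local, remote, state, pid in rows
        if state == "ESTABLISHED" and local[1] in listening
    ]

def log_new(netstat_text, seen, out):
    """Append one timestamped line per inbound connection not seen before."""
    for c in inbound_connections(netstat_text):
        key = (c["remote_addr"], c["remote_port"], c["local_port"])
        if key not in seen:
            seen.add(key)
            stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
            out.append(f"{stamp} {c['remote_addr']}:{c['remote_port']} -> "
                       f":{c['local_port']} pid={c['pid']}")
    return out

if __name__ == "__main__":
    # Live use: pass subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    print("\n".join(log_new(SAMPLE, set(), [])))
```

Polling `netstat` misses connections that open and close between two runs; a packet capture such as the Wireshark recommendation above records those as well.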




