I think someone is remotely viewing my laptop; how can I stop it? [closed]
My laptop was a gift from my ex-boyfriend, who spent years studying studying network security, VPNs, partitions, and remote admin/access. Upon dumping me last week, he said:
I'll be watching you.
I opened a cmd
window and entered netstat -ano
. The window filled with 24 TCP ports --listening and established -- and 4 UDP ports that don't list "State" (but appear to be local addresses). Also, there are lots of different PIDs and foreign, as well as local addresses. I interpret this to mean that there's some sort of remote access software on my computer.
I'm not convinced my problems are the result of web surfing. I'm pretty well shielded by my antimalware solution, and never traverse a WiFi connection without HotSpot Shield or what not.
How do I get these gremlins out?
windows remote-access
closed as too broad by Ramhound, Burgi, Twisty Impersonator, music2myear, DrMoishe Pippik Feb 20 at 18:34
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
add a comment |
My laptop was a gift from my ex-boyfriend, who spent years studying studying network security, VPNs, partitions, and remote admin/access. Upon dumping me last week, he said:
I'll be watching you.
I opened a cmd
window and entered netstat -ano
. The window filled with 24 TCP ports --listening and established -- and 4 UDP ports that don't list "State" (but appear to be local addresses). Also, there are lots of different PIDs and foreign, as well as local addresses. I interpret this to mean that there's some sort of remote access software on my computer.
I'm not convinced my problems are the result of web surfing. I'm pretty well shielded by my antimalware solution, and never traverse a WiFi connection without HotSpot Shield or what not.
How do I get these gremlins out?
windows remote-access
closed as too broad by Ramhound, Burgi, Twisty Impersonator, music2myear, DrMoishe Pippik Feb 20 at 18:34
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
Stop browsing the Web.
– Ignacio Vazquez-Abrams
Jun 14 '13 at 4:01
Use a proper firewall configuration allowing only trusted apps.
– spacebiker
Jun 14 '13 at 5:15
Given the way most people rattle on and on on social media, @IgnacioVazquez-Abrams pretty much nails it on the head. You don't need to install anything to watch people anymore, they more or less do it to themselves.
– Fiasco Labs
Jul 7 '13 at 2:17
1
Nuke it from orbit. It is the only way to be sure.
– Burgi
Feb 20 at 8:58
add a comment |
My laptop was a gift from my ex-boyfriend, who spent years studying studying network security, VPNs, partitions, and remote admin/access. Upon dumping me last week, he said:
I'll be watching you.
I opened a cmd
window and entered netstat -ano
. The window filled with 24 TCP ports --listening and established -- and 4 UDP ports that don't list "State" (but appear to be local addresses). Also, there are lots of different PIDs and foreign, as well as local addresses. I interpret this to mean that there's some sort of remote access software on my computer.
I'm not convinced my problems are the result of web surfing. I'm pretty well shielded by my antimalware solution, and never traverse a WiFi connection without HotSpot Shield or what not.
How do I get these gremlins out?
windows remote-access
My laptop was a gift from my ex-boyfriend, who spent years studying studying network security, VPNs, partitions, and remote admin/access. Upon dumping me last week, he said:
I'll be watching you.
I opened a cmd
window and entered netstat -ano
. The window filled with 24 TCP ports --listening and established -- and 4 UDP ports that don't list "State" (but appear to be local addresses). Also, there are lots of different PIDs and foreign, as well as local addresses. I interpret this to mean that there's some sort of remote access software on my computer.
I'm not convinced my problems are the result of web surfing. I'm pretty well shielded by my antimalware solution, and never traverse a WiFi connection without HotSpot Shield or what not.
How do I get these gremlins out?
windows remote-access
windows remote-access
edited Jul 7 '13 at 1:36
nc4pk
7,282115268
7,282115268
asked Jun 14 '13 at 1:07
Nicole FountainNicole Fountain
12
12
closed as too broad by Ramhound, Burgi, Twisty Impersonator, music2myear, DrMoishe Pippik Feb 20 at 18:34
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as too broad by Ramhound, Burgi, Twisty Impersonator, music2myear, DrMoishe Pippik Feb 20 at 18:34
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
Stop browsing the Web.
– Ignacio Vazquez-Abrams
Jun 14 '13 at 4:01
Use a proper firewall configuration allowing only trusted apps.
– spacebiker
Jun 14 '13 at 5:15
Given the way most people rattle on and on on social media, @IgnacioVazquez-Abrams pretty much nails it on the head. You don't need to install anything to watch people anymore, they more or less do it to themselves.
– Fiasco Labs
Jul 7 '13 at 2:17
1
Nuke it from orbit. It is the only way to be sure.
– Burgi
Feb 20 at 8:58
add a comment |
Stop browsing the Web.
– Ignacio Vazquez-Abrams
Jun 14 '13 at 4:01
Use a proper firewall configuration allowing only trusted apps.
– spacebiker
Jun 14 '13 at 5:15
Given the way most people rattle on and on on social media, @IgnacioVazquez-Abrams pretty much nails it on the head. You don't need to install anything to watch people anymore, they more or less do it to themselves.
– Fiasco Labs
Jul 7 '13 at 2:17
1
Nuke it from orbit. It is the only way to be sure.
– Burgi
Feb 20 at 8:58
Stop browsing the Web.
– Ignacio Vazquez-Abrams
Jun 14 '13 at 4:01
Stop browsing the Web.
– Ignacio Vazquez-Abrams
Jun 14 '13 at 4:01
Use a proper firewall configuration allowing only trusted apps.
– spacebiker
Jun 14 '13 at 5:15
Use a proper firewall configuration allowing only trusted apps.
– spacebiker
Jun 14 '13 at 5:15
Given the way most people rattle on and on on social media, @IgnacioVazquez-Abrams pretty much nails it on the head. You don't need to install anything to watch people anymore, they more or less do it to themselves.
– Fiasco Labs
Jul 7 '13 at 2:17
Given the way most people rattle on and on on social media, @IgnacioVazquez-Abrams pretty much nails it on the head. You don't need to install anything to watch people anymore, they more or less do it to themselves.
– Fiasco Labs
Jul 7 '13 at 2:17
1
1
Nuke it from orbit. It is the only way to be sure.
– Burgi
Feb 20 at 8:58
Nuke it from orbit. It is the only way to be sure.
– Burgi
Feb 20 at 8:58
add a comment |
3 Answers
3
active
oldest
votes
First things first, if any sort of Windows Networking and other usual twiddlefidget people stick on their machine is running, it's kind of meh as to what's described and doesn't really tell us if anything's been tampered with.
If he wasn't just doing mind games on you and actually used a competent remote access trojan, it will do a good job of disguising itself and you don't weed it out.
Under these circumstances, you back up all your user data and scrub it for any executable programs.
You then nuke from your laptop orbit -> scrub the disk clean with DBAN or similar and reinstall the operating system and any programs you found useful from their original install media.
Otherwise there's no way of knowing if you've done anything more than chase your tail trying to remove the unremovable.
add a comment |
There is malicious software ("malware") which allows such remote spying. On the other hand, a lot of applications are using network connections and it takes some reading to find out what is ok and what is suspicious.
The tool TcpView is helpful to get an overview of the current connections. Stop all your own programs and shutdown background services like Skype to keep the list short.
Keep your anti-virus software updated. In doubt, you should cover your web cam with a bit of black sticky tape.
add a comment |
If you are in doubt, I suggest to backup your files and settings and then wipe the machine (as in format the hard disk) and perform a clean install (using a recovery disc etc.)
You might spend hours on end trying to find 'the spy' but will never be sure you got 'him' or there is none.
If you do a clean-install you have a least the assurance that you controlled how it was set-up.
In case you want to keep the system state you can make an image (raw level) before you wipe it. You could then run the image in a VM to further tinker with it.
1
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
1
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
add a comment |
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
First things first, if any sort of Windows Networking and other usual twiddlefidget people stick on their machine is running, it's kind of meh as to what's described and doesn't really tell us if anything's been tampered with.
If he wasn't just doing mind games on you and actually used a competent remote access trojan, it will do a good job of disguising itself and you don't weed it out.
Under these circumstances, you back up all your user data and scrub it for any executable programs.
You then nuke from your laptop orbit -> scrub the disk clean with DBAN or similar and reinstall the operating system and any programs you found useful from their original install media.
Otherwise there's no way of knowing if you've done anything more than chase your tail trying to remove the unremovable.
add a comment |
First things first, if any sort of Windows Networking and other usual twiddlefidget people stick on their machine is running, it's kind of meh as to what's described and doesn't really tell us if anything's been tampered with.
If he wasn't just doing mind games on you and actually used a competent remote access trojan, it will do a good job of disguising itself and you don't weed it out.
Under these circumstances, you back up all your user data and scrub it for any executable programs.
You then nuke from your laptop orbit -> scrub the disk clean with DBAN or similar and reinstall the operating system and any programs you found useful from their original install media.
Otherwise there's no way of knowing if you've done anything more than chase your tail trying to remove the unremovable.
add a comment |
First things first, if any sort of Windows Networking and other usual twiddlefidget people stick on their machine is running, it's kind of meh as to what's described and doesn't really tell us if anything's been tampered with.
If he wasn't just doing mind games on you and actually used a competent remote access trojan, it will do a good job of disguising itself and you don't weed it out.
Under these circumstances, you back up all your user data and scrub it for any executable programs.
You then nuke from your laptop orbit -> scrub the disk clean with DBAN or similar and reinstall the operating system and any programs you found useful from their original install media.
Otherwise there's no way of knowing if you've done anything more than chase your tail trying to remove the unremovable.
First things first, if any sort of Windows Networking and other usual twiddlefidget people stick on their machine is running, it's kind of meh as to what's described and doesn't really tell us if anything's been tampered with.
If he wasn't just doing mind games on you and actually used a competent remote access trojan, it will do a good job of disguising itself and you don't weed it out.
Under these circumstances, you back up all your user data and scrub it for any executable programs.
You then nuke from your laptop orbit -> scrub the disk clean with DBAN or similar and reinstall the operating system and any programs you found useful from their original install media.
Otherwise there's no way of knowing if you've done anything more than chase your tail trying to remove the unremovable.
edited Jul 7 '13 at 2:18
answered Jul 7 '13 at 2:13
Fiasco LabsFiasco Labs
6,27011830
6,27011830
add a comment |
add a comment |
There is malicious software ("malware") which allows such remote spying. On the other hand, a lot of applications are using network connections and it takes some reading to find out what is ok and what is suspicious.
The tool TcpView is helpful to get an overview of the current connections. Stop all your own programs and shutdown background services like Skype to keep the list short.
Keep your anti-virus software updated. In doubt, you should cover your web cam with a bit of black sticky tape.
add a comment |
There is malicious software ("malware") which allows such remote spying. On the other hand, a lot of applications are using network connections and it takes some reading to find out what is ok and what is suspicious.
The tool TcpView is helpful to get an overview of the current connections. Stop all your own programs and shutdown background services like Skype to keep the list short.
Keep your anti-virus software updated. In doubt, you should cover your web cam with a bit of black sticky tape.
add a comment |
There is malicious software ("malware") which allows such remote spying. On the other hand, a lot of applications are using network connections and it takes some reading to find out what is ok and what is suspicious.
The tool TcpView is helpful to get an overview of the current connections. Stop all your own programs and shutdown background services like Skype to keep the list short.
Keep your anti-virus software updated. In doubt, you should cover your web cam with a bit of black sticky tape.
There is malicious software ("malware") which allows such remote spying. On the other hand, a lot of applications are using network connections and it takes some reading to find out what is ok and what is suspicious.
The tool TcpView is helpful to get an overview of the current connections. Stop all your own programs and shutdown background services like Skype to keep the list short.
Keep your anti-virus software updated. In doubt, you should cover your web cam with a bit of black sticky tape.
answered Jun 14 '13 at 5:01
Axel KemperAxel Kemper
2,69711621
2,69711621
add a comment |
add a comment |
If you are in doubt, I suggest to backup your files and settings and then wipe the machine (as in format the hard disk) and perform a clean install (using a recovery disc etc.)
You might spend hours on end trying to find 'the spy' but will never be sure you got 'him' or there is none.
If you do a clean-install you have a least the assurance that you controlled how it was set-up.
In case you want to keep the system state you can make an image (raw level) before you wipe it. You could then run the image in a VM to further tinker with it.
1
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
1
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
add a comment |
If you are in doubt, I suggest to backup your files and settings and then wipe the machine (as in format the hard disk) and perform a clean install (using a recovery disc etc.)
You might spend hours on end trying to find 'the spy' but will never be sure you got 'him' or there is none.
If you do a clean-install you have a least the assurance that you controlled how it was set-up.
In case you want to keep the system state you can make an image (raw level) before you wipe it. You could then run the image in a VM to further tinker with it.
1
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
1
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
add a comment |
If you are in doubt, I suggest to backup your files and settings and then wipe the machine (as in format the hard disk) and perform a clean install (using a recovery disc etc.)
You might spend hours on end trying to find 'the spy' but will never be sure you got 'him' or there is none.
If you do a clean-install you have a least the assurance that you controlled how it was set-up.
In case you want to keep the system state you can make an image (raw level) before you wipe it. You could then run the image in a VM to further tinker with it.
If you are in doubt, I suggest to backup your files and settings and then wipe the machine (as in format the hard disk) and perform a clean install (using a recovery disc etc.)
You might spend hours on end trying to find 'the spy' but will never be sure you got 'him' or there is none.
If you do a clean-install you have a least the assurance that you controlled how it was set-up.
In case you want to keep the system state you can make an image (raw level) before you wipe it. You could then run the image in a VM to further tinker with it.
edited Feb 21 at 4:11
answered Feb 20 at 4:24
sebseb
1861211
1861211
1
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
1
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
add a comment |
1
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
1
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
1
1
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
Why the downvote? This is a perfectly cromulent answer
– Mawg
Feb 20 at 14:59
1
1
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
@Mawg had to look 'cromulent' up but thanks for your comment :-)
– seb
Feb 21 at 4:15
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
Lolx! I don't blame you for not knowing it, the Simpsons jumped the shark long ago; Family Guy is the only thing watching these days (apart, of course, from the incomparable Cleveland Show). Thanks for the upvote. "A noble upvote embiggens the smallest man"
– Mawg
Feb 21 at 7:23
add a comment |
Stop browsing the Web.
– Ignacio Vazquez-Abrams
Jun 14 '13 at 4:01
Use a proper firewall configuration allowing only trusted apps.
– spacebiker
Jun 14 '13 at 5:15
Given the way most people rattle on and on on social media, @IgnacioVazquez-Abrams pretty much nails it on the head. You don't need to install anything to watch people anymore, they more or less do it to themselves.
– Fiasco Labs
Jul 7 '13 at 2:17
1
Nuke it from orbit. It is the only way to be sure.
– Burgi
Feb 20 at 8:58