The Thread Killer®

Here is one for the computer experts.
I have a computer that is getting controlled remotely. I have been over the computer and removed anything that even hints at possible remote (includes AV, malware scans) control but I have the same thing happening. :wtf:
I have now just reinstalled the computer and am busy setting it up, and it's still happening.

WTF:mad:
 
Here is one for the computer experts.
I have a computer that is getting controlled remotely. I have been over the computer and removed anything that even hints at possible remote (includes AV, malware scans) control but I have the same thing happening. :wtf:
I have now just reinstalled the computer and am busy setting it up, and it's still happening.

WTF:mad:

DC from the network and install Malwarebytes and check like that... also check the startup services for anything saying Spy/Pro/Agent/Monitor/Netmonitor or something to that effect and see if it's still doing it when you stop those services...

Mat you gotta think of how things were back at school dude, remember we had the computers there being monitored all the time, remotely and all that jazz...
 
DC from the network and install Malwarebytes and check like that... also check the startup services for anything saying Spy/Pro/Agent/Monitor/Netmonitor or something to that effect and see if it's still doing it when you stop those services...

Mat you gotta think of how things were back at school dude, remember we had the computers there being monitored all the time, remotely and all that jazz...

It's nothing like that; I have done all the scans already. It's the only computer on the network that this problem is happening to. There is no software even installed on the computer now that I have just reloaded it.
 
Here is one for the computer experts.
I have a computer that is getting controlled remotely. I have been over the computer and removed anything that even hints at possible remote (includes AV, malware scans) control but I have the same thing happening. :wtf:
I have now just reinstalled the computer and am busy setting it up, and it's still happening.

WTF:mad:

I would be able to help you, but I have to be there :p

Download NetLimiter and check which applications are using bandwidth. It will tell you what app and which port it is on. Track that app down and delete it. From a network side I would be able to help you more though. What PC is it? Is it your home PC? Or in your office? What internet connection are you using etc? Need more info.
 
It's one of my clients.
They have an SBS 2008 server.
They have two ADSL lines and both of them go through a FortiGate firewall.
I have run a netstat while the connection is happening but I can't see anything that would do this.
 
It's nothing like that; I have done all the scans already. It's the only computer on the network that this problem is happening to. There is no software even installed on the computer now that I have just reloaded it.

I would be able to help you, but I have to be there :p

Download NetLimiter and check which applications are using bandwidth. It will tell you what app and which port it is on. Track that app down and delete it. From a network side I would be able to help you more though. What PC is it? Is it your home PC? Or in your office? What internet connection are you using etc? Need more info.

What t00ken said!!

You could also use Wireshark and do an IP packet capture, but install it before you connect to the network and then once you do that, run Wireshark and find out the sauce...
 
It's one of my clients.
They have an SBS 2008 server.
They have two ADSL lines and both of them go through a FortiGate firewall.
I have run a netstat while the connection is happening but I can't see anything that would do this.

Hmm.. A FortiGate hey.. If the firewall on that thing is set up properly I can't see how anyone would be able to get in. Are you sure that it's not someone on the LAN that's controlling it remotely?
 
Hmm.. A FortiGate hey.. If the firewall on that thing is set up properly I can't see how anyone would be able to get in. Are you sure that it's not someone on the LAN that's controlling it remotely?

I also reckon it's within the LAN... probably someone screwing around or something...
 
What t00ken said!!

You could also use Wireshark and do an IP packet capture, but install it before you connect to the network and then once you do that, run Wireshark and find out the sauce...

Yes, I think Wireshark would be the best; just need to catch it in the act.
 
Yes, I think Wireshark would be the best; just need to catch it in the act.

I used Wireshark last year when I was working for that retail company and I had to capture packets running through the network because of a virus that ran wild....
 
Hmm.. A FortiGate hey.. If the firewall on that thing is set up properly I can't see how anyone would be able to get in. Are you sure that it's not someone on the LAN that's controlling it remotely?

Well, I set it up myself and I have my FCNSP, so I do know what I'm doing. So as I see it, there has to be some sort of software connecting on the computer for someone external to connect to, or it's the internal LAN.
 
Yes, I think Wireshark would be the best; just need to catch it in the act.

NetLimiter is way more efficient than Wireshark. Wireshark is actually a piece of shit :D

Go check out this pic dude:

http://www.filebuzz.com/software_screenshot/full/32775-netlimiter_2_lite.jpg

That's what it looks like. It will show you every single application on the server and how much bandwidth it's using. It will show you the IP and the port as well. If you can find that app running somewhere, you will see the source IP and port and that should make it very easy to track down if it's on the LAN. If it's remote (which I doubt highly) at least then you will be able to block that IP if it's not dynamic, but also block that port or reroute the port traffic to a fake IP.

Do you have any UTM capable devices behind your firewall?
 
Well, I set it up myself and I have my FCNSP, so I do know what I'm doing. So as I see it, there has to be some sort of software connecting on the computer for someone external to connect to, or it's the internal LAN.

You get software that you install on a PC, like a client program. Those clients can then obviously be accessed from the outside, provided the connection is pretty open. That's why I reckon, if you are only allowing certain traffic in and out of your Fortigate, then it should be coming from an internal source.

Oh dude, just for interest sake, what's FCNSP? I can make out the Network security professional part, but not the FC :p
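
Added example (not part of any post in this thread): the netstat check and the "LAN or external?" question discussed above, as a small triage script that parses saved `netstat -ano` output and reports established sessions on remote-control ports with their direction, origin and owning PID. The sample output, the port list and all function names are constructed for illustration.

```python
import ipaddress

# Assumed, non-exhaustive map of ports used by common remote-control tools.
REMOTE_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC", 5938: "TeamViewer"}
# RFC 1918 ranges, used to tell a LAN peer from an external one.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.25:5900      192.168.1.40:51522     ESTABLISHED     2312
  TCP    192.168.1.25:49201     203.0.113.7:443        ESTABLISHED     3020
  TCP    192.168.1.25:49310     198.51.100.9:5938      ESTABLISHED     1880
  TCP    [::]:3389              [::]:0                 LISTENING       1104
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")   # also handles '[::]:3389'
    return host.strip("[]"), int(port)

def parse_tcp(text):
    """Return (local_port, remote_host, remote_port, state, pid) per TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":   # skips headers and UDP rows
            rhost, rport = split_endpoint(f[2])
            rows.append((split_endpoint(f[1])[1], rhost, rport, f[3], int(f[4])))
    return rows

def triage(text):
    """List established sessions on remote-control ports with direction and origin."""
    rows = parse_tcp(text)
    listening = {lport for lport, _, _, state, _ in rows if state == "LISTENING"}
    findings = []
    for lport, rhost, rport, state, pid in rows:
        inbound = lport in listening        # peer connected to a local listener
        port = lport if inbound else rport
        if state == "ESTABLISHED" and port in REMOTE_PORTS:
            peer = ipaddress.ip_address(rhost)
            origin = "LAN" if any(peer in n for n in LAN_NETS) else "external"
            findings.append((REMOTE_PORTS[port], "inbound" if inbound else "outbound",
                             origin, rhost, pid))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

An outbound finding matters because a client that dials out to a relay is not stopped by inbound firewall rules. On the affected machine, `tasklist /FI "PID eq <pid>"` names the process behind a reported PID.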
 