Someone is remote controlling one of my PCs - Hardware & Software

As the title says, we believe someone is monitoring (and controlling) one of my pcs, as the perpetrator (we know who it is) has been gathering information that could have only been obtained from that pc. We've noticed emails being read, changed tabs when we leave it on overnight, and other evidence of tampering. [b]it is not a virus[/b], we've checked. This person has been monitoring our computer for years, it seems. Thing is, we need some way of getting the IP address of the remote connection so we can press charges. We know who's doing it, but we can't prove it. We have to assume that it is always being watched, so I don't think anything can be done that would alert him. What would be some decent ways of catching him? I've tried looking at the Event Viewer, but I've no idea how to work it. PC is on Win 7.

Go next door and tell your neighbor to fuck off.

What you are saying would require a person to literally control the existing windows session on the computer, without signing into through remote desktop. This would require software that does not exist by default in windows, that would have had to be installed either by a virus or by some other program. Remove the program, and your problem will go away. If you really think it will help, usually if you have a good router it keeps a list of all incoming and outgoing connections. I doubt you will get ANYWHERE even if you determine the I.P address of a possible attacker. Just to be safe, if this problem is real, I would format the whole damn thing no questions asked. Disabling UPNP on your router will be especially useful against attacks like this, because it with enabled a rogue program can just open up a port to wherever to communicate with. In all honestly, I think someone in your house is just going on your computer. There are a lot more effective and silent ways to steal data from a computer than a remote control program. Even a novice could use a basic script that would send every cookie, document, web history, configuration setting, anything... All within a few seconds.

Boot in safemode, run many virus scans

Unconnect Network cable check services.msc and Task Manager(processes) for any VNC services,

It's a RAT, using Wireshark or similar take a very close look at internet traffic from your browser, explorer.exe and other windows processes, and any oddly named processes. If you want to do this without the perpetrator realising, you could do something like setting up RDP and using a separate windows session that he cannot monitor

so you're saying watch the afflicted pc with remote desktop from another pc? we know who's doing it, we don't need to catch him in the act. we know he thinks we're not smart enough to "backtrace" him, so I highly doubt he's using a proxy or other measures.

Open notepad an type "I know where you live" in big letters, see what happens

[QUOTE=Amplar;34652092]so you're saying watch the afflicted pc with remote desktop from another pc? we know who's doing it, we don't need to catch him in the act. we know he thinks we're not smart enough to "backtrace" him, so I highly doubt he's using a proxy or other measures.[/QUOTE] Go to his house and graffiti penises all over his windows and doors. That'll teach him.

... How about boot up in safe-mode and just remove the damn thing?

[QUOTE=Amplar;34652092]so you're saying watch the afflicted pc with remote desktop from another pc? we know who's doing it, we don't need to catch him in the act. we know he thinks we're not smart enough to "backtrace" him, so I highly doubt he's using a proxy or other measures.[/QUOTE] Then call the police. Even if you get his IP, it doesn't mean much. They'll still need to subpoena the ISP to make sure it's that person you think it is, and why would they take your word for it when you tell them "Hey it's this IP I swear! I ran a wireshark trace and saw some TCP-..." ? At that point the police officer is already wondering why he showed up at your house. Why not help the cops help you instead? If you want to press charges, you'll need them anyway.

[QUOTE=Amplar;34652092]so you're saying watch the afflicted pc with remote desktop from another pc?[/QUOTE] No

How exactly do you know its this person? If you are so sure why cant you prove he is some other way? Worst case just reformat and reinstall windows.

Or just turn it off when you aren't using it.

[QUOTE=Smoot;34657805]Or just turn it off when you aren't using it.[/QUOTE] yeah and let some creep watch op's possibly weird ass fetish videos when he's using it

1. Migrate physical hardrive from pc into a virtual machine, using "Vmware vCenter converter" 2. boot into safe mode. 3. delete RAT from physical PC 4. assign the VM the ip you had on the physical machine, and change the ip on the physical machine to avoid IP-adress conflict. 5. Run VM 6. Watch as his RAT is now trapped inside the VM, and he doesen't even know it.

Its chris hansen, keeping children safe, no worries OP.

Metasploit the IP you find, and RAT him back. Or DDOS the fucker.

It's DOS you fuck DDOS is when multiple PCs are attacking

[QUOTE='[EG] Pepper;34743299']It's DOS you fuck DDOS is when multiple PCs are attacking[/QUOTE] No shit sherlock, that's why I said it. A small DOS might take a home network down, but a DDOS will. Besides, it wasn't meant to actually be taken into consideration, we all know he doesnt have a botnet to actually use.

[QUOTE=Amplar;34652092]we know he thinks we're not smart enough to "backtrace" him, so I highly doubt he's using a proxy or other measures.[/QUOTE] yeah the joke is you're not smart enough you said you know it's not a "virus", but if you're not actually a paranoid schizophrenic, the guy is using a RAT. Running scans using any common AV would prob. detect it. but I am pretty sure you're just a paranoid schizo and nobody is actually remotely accessing your computer(there's a lot of people like you and your family, don't worry, it's really common.)

HAHAHAHAHA.

I know what you do at night, op.

1. Open up several tabs of the scariest, most disgusting fetish porn you can find 2. Leave PC on 3. Repeat for a few weeks

I like the virtual machine idea, do it...

[QUOTE=Cob.Razorice;34784614]I like the virtual machine idea, do it...[/QUOTE] Then give Facepunch control over it, That will make sure he'll never bother you again. Maybe give you some strange looks but that's it.