Q: Remote intrusion?? ( No Answer,   9 Comments )
Question  
Subject: Remote intrusion??
Category: Computers
Asked by: longshot-ga
List Price: $20.00
Posted: 18 Dec 2005 19:36 PST
Expires: 17 Jan 2006 19:36 PST
Question ID: 607279
Is it possible that someone can be accessing my computer remotely even
if I have a firewall and anti-spyware utilities installed, without any
indications and if so, is there any way I can detect and stop this? 
My computer seems slow at times and on more than one instance I've
received a Windows message when I shut down that says, basically that
someone else is logged on and that if I shut down they will lose their
data.

Request for Question Clarification by sublime1-ga on 18 Dec 2005 20:30 PST
longshot...

Even with a firewall and your typical antivirus (AV) program,
it's possible for what's known as a "drive-by" download to
occur as the result of simply visiting certain websites.

These sites can do a hidden download of a malicious file
containing a virus, and certainly it's possible to gain
control of your system thereby.

The best (free, by the way) AV program I know of has a Guard
component that detects and prevents these downloads. AntiVir:
http://www.free-av.com/

If a trojan has been run that created a new user profile,
you may be able to detect it and disable it by going to 
Start -> Settings -> Control Panel -> Users and Passwords.

On the Advanced tab, you can increase your security by
checking the box requiring all users to press Ctrl-Alt-Delete
before logging on. You can also click the Advanced button on
the Advanced tab and examine the User accounts there. If you
see one that is unfamiliar, or obviously not normal, you can
disable it by right-clicking it, selecting Properties, and 
checking 'Account is disabled'. If you are the sole user on
your machine, you can log in using an admin account and disable
all but admin accounts.

I won't presume to post this as an official Answer until you
confirm that it's taking you where you want to go.

Let me know where this takes you...

sublime1-ga

Clarification of Question by longshot-ga on 19 Dec 2005 12:00 PST
Unfortunately, this doesn't seem to answer my question. Sorry, I
probably needed to be more specific -

I have and run Ad-Aware regularly, also Hijack This and File Checker
(if there are any files you can suggest that I monitor with File
Checker for changes, I would appreciate it) and I also visit Trend
Micro online scan regularly so I don't think I have any spyware or
similar running unless it's something that can evade or hide from
those programs.

I also run AVG Free and on a recent scan, it didn't come up with any
viruses but it said that there was a change to my shell32.dll but it
didn't list it as a problem. Could that be anything?

Mainly, what I was concerned about was if there is - for lack of a better term -
a backdoor that could be being accessed or something running in the background?

Hope this helps - if not, let me know anything else you need to know. 

Thanks, 
Lou  :-)

Clarification of Question by longshot-ga on 19 Dec 2005 12:14 PST
P.S.

Oh, just thought of a major part of what really sparked this whole inquiry - 

I was over a friend's house (sort of a guru/hacker type). He showed me
how through the internet and networking/remote desktop type stuff
(pardon me, I'm a little vague on the subtleties of it!) he had access
to loads of other random people's computers online (always on, dsl
etc.). Through a prog that he had, it would show him who was
"available" and had been hacked already, and he could store hidden
files on their computers and access them whenever, without their
knowledge if they were "available" ie., online.

Request for Question Clarification by sublime1-ga on 19 Dec 2005 16:24 PST
Again, yes, that's certainly something a hacker can do.
So how can I assist you? Did my previous post provide
you any direction, or can you further clarify what you
need as an answer?

sublime1-ga
Answer  
There is no answer at this time.

Comments  
Subject: Re: Remote intrusion??
From: droneauth-ga on 19 Dec 2005 04:17 PST
 
>Is it possible that someone can be accessing my computer remotely even
>if I have a firewall and anti-spyware utilities installed, without any
>indications and if so, if there any way I can detect and stop this? 
It is entirely possible that you are infected and won't notice
anything except a slowdown of your computer.

Nowadays worms, viruses and spyware authors are getting smarter and
try to find more reliable ways to exploit the services on your
computer.

>My computer seems slow at times and on more than one instance I've
>received a Windows message when I shut down that says, basically that
>someone else is logged on and that if I shut down they will lose their
>data.

Favoring free and reliable solutions (I, myself, wouldn't bother with
Antivirus-Solutions -> all in all they simply don't scale), I advise
you to read the "Getting Started Guide" [1] and "Users Guide" [2] for
Core Force at [3] and Screenshots [4].

Short overview:

Core Force is a community driven project, where applications are
assigned profiles. Profiles restrict the possible interactions of the
applications with the operating system (Windows 2000/XP). Ready-to-use
profiles are available immediately after installation and new
applications can be integrated by a simple menu-driven wizard.

A GUI-firewall (Windows Port of pf/OpenBSD ) is integrated, also.

If you need more specific information, or want a detailed example of
malware which infects your computer without user-interaction - write
me a line ;-)

[1] http://force.coresecurity.com/index.php?module=base&page=factsheet
[2] http://force.coresecurity.com/index.php?module=base&page=download
[3] http://force.coresecurity.com
[4] http://force.coresecurity.com/index.php?module=base&page=screenshots
Subject: Re: Remote intrusion??
From: superiormp-ga on 19 Dec 2005 11:11 PST
 
You can get a free eBook on how to configure your system so that no
viruses, spyware, malware etc. can get on your system.  I've used it,
it works perfectly and you don't have to buy anything.  And it has
info on how to check if there are any attempts at intruding your
system, too.

The site is http://www.stopspywareforfree.com
Subject: Re: Remote intrusion??
From: zephram-ga on 20 Dec 2005 02:45 PST
 
Hi Droneauth,

If Windows is informing you that another user is logged on (and you
don't ordinarily have multiple people using your machine), it's likely
that you have remote desktop/terminal services enabled, and someone
else is logged on in the background.

I'm assuming you are running Windows XP: If so, this should solve your problem.

Click Start
Click Settings
Click Control Panel
Click System
Click Remote
Uncheck the boxes labelled "Allow Remote Assistance" and "Allow users
to connect to this computer remotely"

That is likely it.

The fact that someone else is logging on (and you're not being logged
off) means that they most likely had physical access to your machine
at some point (in order to replace a Windows DLL that allows
simultaneous remote and local logins). If you're trying to track down
the culprit, start there.

Hope that helps you out
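
The account review and Remote Desktop / Remote Assistance settings described in the comments above can also be read from the command line. The following is an added example, not part of any comment in this thread; it assumes a current Windows with Windows PowerShell 5.1 or later (not the Windows XP of the original posts), an elevated console, and English built-in group names. The function names are made up for this example, and the script only reads settings.

```powershell
# Added example: read-only audit of the settings discussed in this thread.
# Assumes Windows PowerShell 5.1+, run from an elevated console.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RemoteAccessState {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed;
    # fAllowToGetHelp = 1 means Remote Assistance is allowed.
    $p    = Get-ItemProperty -Path $ts
    $port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").PortNumber
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort $port `
                       -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        RemoteDesktopEnabled    = ($p.fDenyTSConnections -eq 0)
        RemoteAssistanceEnabled = ($p.fAllowToGetHelp -eq 1)
        RdpPort                 = $port
        RdpPortListening        = ($listening.Count -gt 0)
    }
}

function Get-EnabledLocalAccount {
    # Every account that can still log on; unfamiliar names deserve a look.
    Get-LocalUser | Where-Object Enabled |
        Select-Object Name, LastLogon, PasswordLastSet, Description
}

function Get-RemoteCapableMember {
    # Who may administer the machine or log on over Remote Desktop.
    # Group names are the English defaults (assumption).
    foreach ($g in 'Administrators', 'Remote Desktop Users') {
        Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Group'; e = { $g } }, Name, ObjectClass
    }
}

function Get-LogonSession {
    # quser.exe lists interactive and remote sessions; it may be absent
    # on some Windows editions, in which case nothing is returned.
    if (Get-Command quser.exe -ErrorAction SilentlyContinue) {
        quser.exe 2>$null
    }
}

'--- Remote access settings ---';   Get-RemoteAccessState   | Format-List
'--- Enabled local accounts ---';   Get-EnabledLocalAccount | Format-Table -AutoSize
'--- Privileged / RDP groups ---';  Get-RemoteCapableMember | Format-Table -AutoSize
'--- Current logon sessions ---';   Get-LogonSession
```

An enabled account nobody recognises, an unexpected member of either group, or a second session while only one person is using the machine are the results worth following up.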
Subject: Re: Remote intrusion??
From: abstsoccer-ga on 20 Dec 2005 16:07 PST
 
The other comments were correct with most of their posts, however no
one has seemed to mention "packet sniffing." P.S. (for short) is the
collection of data over a shared broadband connection in an area. An
example is that many companies who provide cable modems set up a
single fast connection over a large area to save on costs. All of
these PCs are pretty much networked together, and when data is sent
out or received over this connection it is possible for others to see
it with the right software. While the method itself is quite easy, it
is however very difficult to view any of the actual data, especially
if it is encrypted (billing information or credit card information).
This method of hacking, while interesting, is hardly harmful when it
comes to the performance of other machines. The person who is being
"sniffed" could have a decrease in internet speed, but no decrease in
hardware performance. While this may partially answer your question, I
will also add that no computer is completely hacker proof. The best
way to deter hackers is to have a software AND hardware firewall. Many
network routers have one built in, so make sure you use it and change
the administration password frequently, along with all other
passwords. Also, virus software will most of the time not pick up a
hacker's trojan horse because these types of programs are
insignificant, minimal people are affected by them, so virus companies
do not release updates for them. The best approach to getting rid of
such software is to completely reformat Windows every couple of
months, with XP this is quite easy and should not take more than a
couple of hours. If this answer is acceptable and you are still
offering a reward payment, please contact me and I will give you
instructions for such.
Subject: Re: Remote intrusion??
From: abhishek777-ga on 23 Dec 2005 23:20 PST
 
If nothing is working, just back up your important files and reinstall
Windows if you have got the CD, then start fresh. Be careful in
installing all sorts of fancy programs; use EZ AV and Microsoft beta
antispyware.
Cheers
Subject: Re: Remote intrusion??
From: feldersoft-ga on 23 Dec 2005 23:34 PST
 
I think reinstalling Windows is the best suggestion.  If someone did
hack in, they can make it very difficult to determine.  Particularly,
if they manage to replace system files with ones that allow them to
hide their activities.
Subject: Re: Remote intrusion??
From: benwhitey-ga on 31 Dec 2005 07:16 PST
 
Talk to your hacker friend and ask him to help you to secure your
computer.  You would be unable to do this if you were worried that he
was the one storing files on your computer.

Alas, there is no way to protect your computer from hackers 100%
unless you include disconnecting it from the internet.  I agree that
you should format your hard drive and reinstall Windows.  You could
also run some version of Linux which I think is harder for people to
hack or switch to Macs.

I have a friend who knows about this stuff and they agree that a
really good hacker could get by any firewall.

~Ben
Subject: Re: Remote intrusion?? [Re-Posted -- Removed because of contact info]
From: klovis-ga on 22 Jan 2006 18:03 PST
 
1) What surprises me is that no one told you that :

Windows ALWAYS warns that people could be connected, and might lose data.

2) Then if you want a decently secured windows install : do the
following (you might want to do that on a fresh, safe windows
installation (the best is to download all software I will tell you
about, put it on a CD, backup your data, reinstall windows - format
disk of course, then BEFORE HOOKING UP YOUR MACHINE TO INTERNET) :

- Get all latest service packs for the software you use (Windows XP,
Office, etc...) : http://support.microsoft.com/sp

- Get all latest Hotfixes (bug fixes published after a service pack release) :
Go here http://www.microsoft.com/technet/security/bulletin/summary.mspx
and click on each month to see available hotfixes. Download the
"critical" and "important" ones.

- Switch to Mozilla Firefox instead of internet explorer (which is
full of backdoors) : Very good browser, more secure, you can import
your bookmarks from IE, etc.. :
http://www.mozilla.com/

You can also uninstall Internet explorer :
http://support.microsoft.com/?kbid=293907

- Get a better and safer mail client : 
Thunderbird :
http://www.mozilla.com/thunderbird/

- Again to prevent using internet explorer's renderer get an
alternative to Windows Media Player :
http://www.winamp.com/

- Get a decent firewall : 
        -for the FREE solution : Outpost free
        http://www.agnitum.com/products/outpostfree/index.php
        
        - if money isn't (too much of) a concern : Outpost Pro
        http://www.agnitum.com/products/outpost/index.php

-Get a decent anti-virus : 
        -for the FREE solution : AVG
        http://free.grisoft.com/doc/2/lng/us/tpl/v5
        
        - Paying solution : Kaspersky
        http://www.kaspersky.com/personal

- Get "Zeb Protect" : 
Having a firewall is not enough, because if a system component asks
for a port to be opened, the request is gonna be considered
legitimate, and the port will be opened as long as the service runs.
Zeb protect is a free software that closes critical and dangerous
ports on your computer. There are other nice options available -- ONLY
PROBLEM : IT IS A FRENCH PROGRAM, but you might be able to understand
most of it, if not leave the bold options checked. Anyway you will
only have to launch it once to secure your computer :

http://telechargement.zebulon.fr/license-1-123.html (click on "J'accepte")

- Get an anti-spyware : 
           Free solution : Microsoft AntiSpyware
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

           Paying solution : Pestpatrol
http://pestpatrol.com/

- You can also get the great Spyblocker, if you want to pay for it.
It's a local proxy that will block all sorts of Spyware, Adware,
Worms, Activex, Popups, Ads, Cookies, Scripts, Web Sites, Web Bugs,
Style Sheets, etc...
http://www.spyblocker-software.com/spyblocker/sb.shtm

- Get XP-Antispy : http://xp-antispy.org/index.php?option=com_remository&func=sellang&iso=en
CAUTION : the websites xp-antispy.de and xpantispy.de have nothing to
do with that last one : those are sites which try to install a dialer
on your machine

- (For an advanced user) Get SSM (System Safety Monitor) : a program
which will monitor changes to your operating system and softwares, and
control integrity.
http://syssafety.com/product.html

NOW what you might want to do before that is partition your hard drive :
what I did on my sister's one, which is running XP, is a SYSTEM
partition of  about 5 gigs (you don't need a lot of space for the
operating system + programs), and the rest of the disk space for the
DATA partition.
You can point your "My documents" folder (which is under C:) to a
folder located on the DATA partition by right-clicking on it, then
select properties and   "change target".
That way once you've done your secure install, you can back up your
SYSTEM partition with a software such as ghost (you will need another
disk or partition   at least the size of the used space on your SYSTEM
partition, or a CD recorder - other options available, such as network
drive), and whenever you have a problem , you launch a restore, and in
5 minutes you have your system back how it was when you installed it,
while keeping all your documents accessible on your DATA partition.
Partitioning your drive is easy as 1,2,3 when you install windows, but
you can also get "partition magic" to create, delete, resize
partitions and more..

"Ghost" and "Partition Magic" are not free softwares though.

Alternative solution to all of the above :

If you want to think outside of the box, explore all the capabilities
of a computer, or simply do every day desktop tasks :-) :

Get Linux : THE operating system : much more secure (there are, for
example, very few viruses that can affect it), much more stable (lots
of people -like me- never have to reboot their computer, when they run
on linux, where you have to do it at least once a day with windows, if
you don't want it to cough miserably   and shuffle its feet every time
you open a window), much more hardware-efficient (it takes full
advantage of your computer's components features -you can actually run
it on a pretty old computer, and not see the difference in power with
an actual one running Windows- etc.. etc.. ETC...

and I insist on the "etc".
If you are interested by it and dont know where to start, get Mandriva
linux ($50) :  http://store.mandriva.com/product_info.php?products_id=285&language=en
 Installs in 15 minutes, easy to use, etc..(then if you get the taste
of it, get a more spicy one like me : Gentoo (www.gentoo.org), free,
powerful (much longer to install though) and supported by a large
community of fanatics :-) http://gentoo-wiki.com/Main_Page

Et voila !

I hope this will have helped you, (as I spent 2 good hours at least on it :-).

PS : I read in a comment something about a guy seeing other people's
computers : that guy has wireless, his neighbors too, and they
configured it bad.
If you have wireless, just tell me, I might have a link or two to
provide you with :-)

PS2 : I might have been forgetting some stuff, been out of scope on
one or two points, hope you don't mind, but it's 2am and I need some
sleep :-s I'll check later tomorrow (today actually), read comments
more thoroughly  and might add a couple more suggestions...

PS3 : No PS3
Subject: Re: Remote intrusion??
From: smithkarl-ga on 05 Jun 2006 11:21 PDT
 
Hi,

 I think I know your answer and it is not a problem at all.

Please state the exact error message you are receiving
when shutting down your PC!

Sometimes you have programs still running without you
even knowing about them or what they are.

When trying to switch off, your PC warns you that you are
closing these programs and pops up that message. 

If that is the message you are receiving you probably are given
two options:

1) End now (click that to end program instantly)
2) Wait (the PC waits for program to stop before it shuts down)

If that sort of message is what you receive then it is not a problem.
However you still require anti-adware + antivirus when you are online
to delete spyware and adware.

Regards,
Delete spyware
http://www.deletespyware-adware.com
