Help me find out if someone is spying on my computer
January 4, 2007 10:08 AM
Can you help me diagnose if someone is spying on my computer?
I think there is some kind of spyware installed on my computer, and I somewhat suspect that there is an actual person using it to spy on me (as opposed to generic spyware that is sort of a bot sending info about me somewhere).
(Note, my computer is a Win XP machine)
I first noticed that sometimes my cursor would jump around kind of suspiciously, jumping often to the start menu location or maybe one of the other corners of the screen. There are a few other symptoms but no point in going into it here. I started poking around, starting first with the normal standard tools. HijackThis, AdAware, Spybot Search and Destroy, etc. Not much is coming up.
I do an nmap from a trusted computer on the computer I think is being spied upon. I do a TCP and UDP scan and here are some select entries:
1664/udp open|filtered netview-aix-4
1666/tcp open netview-aix-6
A quick Google search shows that this is usually some kind of network monitoring program. Note that this doesn't necessarily mean that's what is running on that port... I telnet to that port and I get:
TTxfiles5server3server220revver5nocasefunprotocol
No idea what this is supposed to be.
Of course, my network is fairly locked down so I don't think anyone can GET to this port from outside, but I think it might indicate that something nefarious is running, and that nefarious thing might connect from my network to some other computer somewhere.
There is also something running at port 8080. 8080 is usually a web proxy port but I don't think I have anything running which would qualify as a web proxy.
I have a lot of experience with computers and a decent amount of experience with computer security. I'm hoping someone can help me find out what might be running on my computer (if anything), how to get rid of it, and, to my mind, how to find out who or what it is.
As sort of a caveat/afterthought... I play poker to supplement my income (it amounts to about 1/4 to 1/3 of my total income) so if someone is watching me, this would be very, very bad, and honestly, I've had some reason to believe that someone might be watching me, in this regard.
I've started doing ethernet packet capturing both on the affected machine and on the network as a whole, and I hope to find something in that. There's an awful lot of data to go through, though.
posted by RustyBrooks to computers & internet (30 answers total)
posted by RustyBrooks at 10:12 AM on January 4, 2007
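An added example, not part of the original post: one way to tie the ports the external nmap scan reported back to a process on the XP machine is to cross-check them against the host's own netstat -ano and tasklist /fo csv /nh output. The sample outputs, the process name example.exe, the PIDs and the addresses below are constructed, and 8080 is assumed to be TCP.

```python
import csv
import io

# Constructed sample output of `netstat -ano` and `tasklist /fo csv /nh`.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1666           0.0.0.0:0              LISTENING       2140
  TCP    192.168.1.20:139       192.168.1.5:1045       ESTABLISHED     4
  UDP    0.0.0.0:1664           *:*                                    2140
"""
TASKLIST = '''\
"svchost.exe","932","Console","0","4,120 K"
"example.exe","2140","Console","0","9,876 K"
'''
# Ports the external nmap scan in the post reported (8080 protocol assumed TCP).
SEEN_EXTERNALLY = [("tcp", 1666), ("udp", 1664), ("tcp", 8080)]


def parse_netstat(text):
    """Return {(proto, port): pid} for TCP listeners and bound UDP sockets."""
    sockets = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or (f[0] == "TCP" and f[3] != "LISTENING"):
            continue  # skip headers and established connections
        port = int(f[1].rsplit(":", 1)[1])
        sockets[(f[0].lower(), port)] = int(f[-1])
    return sockets


def parse_tasklist(text):
    """Return {pid: image name} from tasklist CSV rows."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) > 1}


def cross_check(seen, netstat_text, tasklist_text):
    """Name the owner of each externally seen port; flag ports the host omits."""
    sockets, names = parse_netstat(netstat_text), parse_tasklist(tasklist_text)
    report = {}
    for key in seen:
        pid = sockets.get(key)
        report[key] = (f"{names.get(pid, 'unknown image')} (PID {pid})"
                       if pid is not None else "NOT LISTED LOCALLY")
    return report


if __name__ == "__main__":
    for (proto, port), owner in cross_check(SEEN_EXTERNALLY, NETSTAT, TASKLIST).items():
        print(f"{port}/{proto}: {owner}")
```

A port the scan saw but the host's own listing omits is itself a finding, since the tools on a suspect machine may not be reporting truthfully.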