{"id":492146,"date":"2010-03-31T03:30:00","date_gmt":"2010-03-31T07:30:00","guid":{"rendered":"http:\/\/techie-buzz.com\/how-to\/how-to-find-out-who-is-spying-on-you.html"},"modified":"2010-04-27T10:09:35","modified_gmt":"2010-04-27T14:09:35","slug":"how-to-find-out-who-is-spying-on-you","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/492146","title":{"rendered":"How to Find Out Who Is Spying On You"},"content":{"rendered":"

\"spying-on-you\"<\/a>[Windows Only<\/em>] Today, I found out that my computer at work had a trojan infection. Most of my co-workers would never have noticed the bug, but a little luck and the right tools made my discovery possible. Since I discovered the infection early, I was able to quickly \u00a0remove the malware<\/a>. Do you know if evil computers are connecting to your PC? If you really want to find out, I recommend that you try two utilities from NirSoft.<\/p>\n

Download and Install:<\/strong>
\nCurrPorts<\/a> and IPNetInfo<\/a> are both portable applications that are offered as ZIP files. You can unpack these ZIP files anywhere on your hard drive or even onto a flash drive to use them. CurrPorts and IPNetInfo work best if you put the files from both programs into the same folder. After I downloaded and unpacked them,\u00a0 I ended up with the following files in my CPorts folder.<\/p>\n

\"currports-file-list\"<\/a><\/p>\n

Run CurrPorts:
\n<\/strong>You can run CurrPorts by launching the cports.exe file. It will scan your computer and display a list of processes on your PC that are using the network and internet connections. The list contains the following columns of information on each connection.<\/p>\n

Process Name *
\n<\/span>Process ID
\nProtocol
\nLocal Port
\nLocal Port Name
\nLocal Address
\nRemote Port
\nRemote Port Name
\nRemote Address<\/span> *
\nRemote Host Name
\nState
\n<\/span>Process Path<\/span> *
\nProduct Name
\nFile Description
\nFile Version
\nCompany
\nProcess Created On
\nUser Name
\nProcess Services
\nProcess Attributes
\nAdded On
\nModule Filename
\nRemote IP Country
\nWindow Title <\/span><\/p>\n

Search the information:<\/strong>
\nThe most important columns to pay attention to are the columns described below.<\/p>\n

Process Name<\/em><\/span> is the name of the program or service on your PC that is making the connection.<\/p>\n

Process Path<\/em><\/span> tells you where the program or service is located on your hard drive. It’s important to know this location if you suspect that you have a spyware, virus or trojan infection.<\/p>\n

Remote Address<\/em><\/span> is a set of numbers that is often called the “IP Address”. This address is needed to identify the computers connected to you by the internet.<\/p>\n

Many of the connections you’ll see won’t even have a remote address and you don’t have to pay as much attention to them. In order to unclutter the list and concentrate on the remote IP addresses, you can use the Options menu and uncheck the item labeled “Display Items without Remote Address<\/em>“.<\/p>\n

\"currports-display-options\"<\/a><\/p>\n

Identify WHO IS connecting:
\n<\/strong>Now that you have some IP addresses displayed, you can find out more about them by using NifSoft’s IPNetInfo utility. When you right click on any remote address shown in CurrPorts, you can find out more about it by choosing the IPNetInfo option. IPNetInfo will pop up and give you the WHOIS information if it’s able to.<\/p>\n

\"currports-with-ipnetinfo\"<\/a><\/p>\n

Here’s an example of the WHOIS info for a Google page in Internet Explorer.<\/p>\n

\"ipnetinfo-report\"<\/a><\/p>\n

IPNetInfo.exe can be run all by itself by launching the ipnetinfo.exe file. When it’s running this way, you will have to paste in the IP Addresses manually to initiate WHOIS searches.<\/p>\n

Stop the Spies:<\/strong>
\nOnce you’ve identified all the owners of those remote IP addresses, you should have a better idea about who they are. You can usually find out more about them by using the company name in an internet search. If you are still suspicious that the IP addresses you are seeing are from the bad guys, you can check in several places to find out if they are on a watch list. I recommend that you search for malicious addresses at hpHosts<\/a>. Just paste the remote IP address into the search box.<\/p>\n

If you’ve identified a connection you don’t want, you can right click on entries in CurrPorts and either “Close” the connection or “Kill” the process on your PC. If you have a process running on your machine that continues to connect to IPs that are suspect, you should probably save an HTML report as shown below, then run an Anti-Virus and Anti-Spyware scan. I recommend using MalwareBytes<\/a> or one of the other good free spyware removers<\/a>. If that doesn’t do the trick, get some help from one of the Anti-Spyware forums. I always visit Temerc.com<\/a>’s forums when I need help.<\/p>\n

If you wish to ask me about some of your remote connections, you can select one or more items in CurrPorts, click on “View” > “HTML Report – Selected Items”. When the report pops into your web browser, you can copy and paste the information into the comments below this article. You can also save the report from your browser using the File > Save menu.<\/p>\n

\"V\"<\/a><\/p>\n

Have a good day and surf safely<\/strong>!<\/p>\n

\nShare:<\/strong>
\nComment on This Post<\/a> |
\nTweet This<\/a> |
\nShare on Facebook<\/a> |
\nSave to Delicious<\/a> |
\nStumble This<\/a> |
\nDigg This<\/a> |
\nReddit This<\/a>\n<\/div>\n

<\/p>\n

TAGS:<\/strong> AntiLogger<\/a>, Antimalware<\/a>, Antispyware<\/a>, Freeware<\/a>, network tool<\/a>, Online Security<\/a>, Security Breach<\/a>, Security Software<\/a>, Windows Security<\/a><\/span>
\n<\/small><\/div>\n
\n
\nAnnouncement:<\/strong> Missing Mobile News in the Main RSS Feed? We have decided to remove the mobile content from the main feed, please subscribe to our dedicated Mobile News RSS Feed<\/a> at http:\/\/feeds.techie-buzz.com\/techiemobile<\/a>. Thank you for your understanding.<\/font><\/p>\n<\/div>\n
\nHow to Find Out Who Is Spying On You<\/a> originally appeared on Techie Buzz<\/a> written by Clif Sipe on Wednesday 31st March 2010 03:30:00 AM. Please read the Terms of Use<\/a> for fair usage guidance. <\/div>\n

<\/p>\n

Don’t miss these Related Posts:<\/h2>\n