Someone is controlling my computer, how can I fix it? How to find out if your Mac was accessed without asking. At work or at home. Check your browser history

Is someone secretly using your computer? No problem.

Have you returned home and noticed that your computer is somehow out of position, your monitor is turned, or there are crumbs on the table? Do you think that while you were away, someone at home accessed your computer without permission? How can we find evidence for these assumptions?

Here I will tell you how to identify “secret infiltrators”, as well as how to find out what exactly they were doing on your computer.

1. Check your browser history

This is the easiest and fastest way to find out that someone has used your computer and accessed the Internet. But everyone understands perfectly well that smart people always delete their browser history, especially if they are using someone else’s computer.

Most likely, your suspect is not so stupid as to leave such obvious traces of his presence, is he? But there is a catch here too!

The “infiltrator” could delete only his browsing history, or he could delete it along with your previous history. If you go to your browser and see an empty history, but you know for sure that you didn’t delete it yourself, then this is the first sign that someone was using your computer without you.

If your “spy” is not at all stupid, he could use a private browser session, in which case your browsing history will look untouched. But even here you can track his actions using the OpenDNS Internet service. This service, of course, is paid and you need to set it up in advance, but for some it may be indispensable.

OpenDNS allows you to store every URL visited from your home network for a year.

2. Check the logs on your computer

Know that no activity on your computer goes unnoticed. Each computer stores a list of absolutely all the actions it performed. And this great feature comes in very handy when it comes to suspected secret use of your computer.

In addition, the logs are stored with a time stamp, which will help you accurately track activity on your computer in your absence.

Windows logs contain quite a lot of information about user activity, the operating system's boot process, and errors in applications and the system kernel. That's where we'll look. Open Control Panel, find Administrative Tools and select Computer Management. There you will see “Event Viewer”, which contains “Windows Logs”.

There are several of them: Application, Security, Setup, System. The Security log always contains login information for all users. The Application log contains information about applications that were launched while you were away.

It is these two logs that should give you a convincing answer whether someone used your computer or not.

For Mac users, there is also a way to view the logs and see the activity time on the computer. To do this, you just need to go to /Applications/Utilities/Console.app, select “All Messages” and you will receive a complete list of actions and the time they were performed.
In this case, the main thing is to understand what exactly you were doing on your computer, and what your “infiltrator” was doing.

3. Set a trap for the spy

If you have not found any evidence from points 1 and 2, but still believe that someone is using your computer without your knowledge, then you can try to set a trap and catch him red-handed. There are several ways to do this.

The first method is suitable for Windows users and is not particularly complicated. You just need to open Windows Task Scheduler and create a simple task. When creating the task, specify the trigger “At log on”.

Now think about what you would like to happen when someone logs into the computer without you. The simplest option is to send an e-mail to yourself, for example to your smartphone.

Although personally I would prefer another option - “Run a program”. And then I would download some kind of prank program that removes the Start menu or plays an audio recording of your menacing voice on powerful speakers with excellent sound, such as the Bose SoundTouch 20 Series III. Imagine the face of the unknown at this moment!
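The logon trigger from the first method, set up from PowerShell with an action that simply records the time of each sign-in. This is an added example, not part of the original article; the task name, folder and file name are assumptions.

```powershell
# Added example: a logon "tripwire" registered in Task Scheduler.
# Run from an elevated PowerShell prompt.
# The folder, file and task names below are assumptions chosen for this example.
$logDir  = Join-Path $env:ProgramData 'LogonTrap'
$logFile = Join-Path $logDir 'logons.log'
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# Command the task runs: append an ISO 8601 timestamp to the log file.
$command = "Add-Content -LiteralPath '$logFile' -Value (Get-Date -Format o)"
$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -WindowStyle Hidden -Command `"$command`""

# "At log on" trigger for any user (no -User restriction).
$trigger = New-ScheduledTaskTrigger -AtLogOn

# Run as SYSTEM so the task fires no matter which account signs in
# and so the person signing in sees no window.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName 'LogonTrap' -Action $action -Trigger $trigger `
    -Principal $principal -Description 'Records the time of every sign-in' | Out-Null

# Later, to review what was recorded:
#   Get-Content (Join-Path $env:ProgramData 'LogonTrap\logons.log')
# To remove the trap:
#   Unregister-ScheduledTask -TaskName 'LogonTrap' -Confirm:$false
```

The “At log on” trigger fires on a new sign-in, not when someone unlocks a session that was left signed in, so a locked but logged-on PC still needs the Security log check.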

The second option is suitable for absolutely all devices - this is the Prey program. This is an application that, when launched on a computer/phone, sits quietly and remains silent, and upon a signal from the owner, it begins to quietly monitor the actions of the current user. There is also an Elite Keylogger app that tracks all your mouse actions or keystrokes on your keyboard.

There are both free and paid and more advanced versions of these applications. But catching a “spy” at the crime scene is worth it.

4. The camera won't deceive you

If for some reason you could not find evidence of secret penetration into your computer, but are sure that this has happened and will continue to happen, then you can use the oldest and surest way to catch a suspect with all the evidence.

This, of course, is to install a hidden camera. Fortunately, now there are very small cameras that, moreover, can broadcast everything that happens directly to your phone. The main thing is to install the camera so that your “spy” does not find it, for example, hide it on a bookshelf or in a flower pot not far from the computer.

And voila! Every minute you can monitor what is happening with your computer and in general in the room while you are away.

Friends, in fact, the issue of personal data worries many now, and it is unlikely that anyone would be calm about the fact that a stranger is getting into your computer, but it is not always worth turning this into an investigation, and then, perhaps, into conflict.

Sometimes it’s enough just to ask a person, and he will admit it himself. And maybe it wasn’t an interest in your data, but an urgent need to go online or something similar. Don't forget to find out the reason for your "spy"'s actions!

Curiosity, as we know, is an immutable human vice. Therefore, today we will talk about it. I've been asked the same question over and over again: how can I tell if someone was using my computer when I wasn't around? Most of all, users are interested in whether the computer has a log that records the operation of the PC, including records of turning on the computer or laptop. I think that even if you didn’t ask this question, you also became interested in how you can check whether the computer was used in your absence and what exactly was done on it.

To answer this question once and for all, I decided to write an entire article on this topic. As soon as the computer turns on, recording in the “log” begins. It shows all the operations that are performed on the computer. In more technical language, an “event log” is recorded. It contains both the date and time of the operations performed. In addition, a record of running operating system processes is kept.

How do you know if your computer was turned on?

In order to find out, you need to open the event log. To do this, go to “Start” and enter the phrase “Event Viewer” in the search bar. Open the found file.



In the window that opens, find “Windows Logs” in the menu on the left and then “System”.

You will see a list of events, which will be a table. In it you will find the name of the event, the time and date when this event occurred, and the event code and category are also displayed here.

By looking at the table, you will see when the computer was turned on and when it was turned off. When I studied the latest events, I realized that no one was using the computer in my absence.
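The same check as in “Check the logs on your computer” and in this section, done from PowerShell instead of clicking through Event Viewer: it lists sign-ins from the Security log and power-on, shutdown and sleep events from the System log for one time window. This is an added example, not part of the original article; the dates are constructed sample values.

```powershell
# Added example: who signed in, and when the PC started or woke, during an absence.
# Run from an elevated PowerShell prompt (the Security log needs administrator rights).
# $From and $To are constructed sample values; set them to the time you were away.
$From = Get-Date '2024-05-01 08:00'
$To   = Get-Date '2024-05-01 18:00'

# Logon types for a person at the keyboard or on a remote desktop.
$LogonTypes = @{ '2' = 'Interactive'; '7' = 'Unlock'; '10' = 'Remote Desktop'; '11' = 'Cached interactive' }

# System-log events that mark power state changes, keyed by "provider/id".
$PowerEvents = @{
    'EventLog/6005'                            = 'Startup (Event Log service started)'
    'EventLog/6006'                            = 'Clean shutdown (Event Log service stopped)'
    'Microsoft-Windows-Kernel-Power/42'        = 'Entering sleep'
    'Microsoft-Windows-Power-Troubleshooter/1' = 'Resumed from sleep'
}

function Get-SignIn {
    param([datetime]$From, [datetime]$To)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = $From; EndTime = $To }
    foreach ($evt in @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # Event 4624 keeps its fields as named <Data> elements in the event XML.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $type = [string]$data['LogonType']
        # Skip service/network logons and the built-in DWM-n / UMFD-n accounts.
        if (-not $LogonTypes.ContainsKey($type)) { continue }
        if ($data['TargetDomainName'] -in 'Window Manager', 'Font Driver Host') { continue }
        [pscustomobject]@{
            Time   = $evt.TimeCreated
            Event  = "Sign-in: $($LogonTypes[$type])"
            Detail = "$($data['TargetDomainName'])\$($data['TargetUserName']) from $($data['IpAddress'])"
        }
    }
}

function Get-PowerEvent {
    param([datetime]$From, [datetime]$To)
    $filter = @{ LogName = 'System'; Id = 1, 42, 6005, 6006; StartTime = $From; EndTime = $To }
    foreach ($evt in @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # The same event ID can belong to unrelated providers, so match on both.
        $key = "$($evt.ProviderName)/$($evt.Id)"
        if ($PowerEvents.ContainsKey($key)) {
            [pscustomobject]@{ Time = $evt.TimeCreated; Event = $PowerEvents[$key]; Detail = '' }
        }
    }
}

# One timeline, oldest first. An empty result means nothing was logged in the window.
@(Get-SignIn -From $From -To $To) + @(Get-PowerEvent -From $From -To $To) |
    Sort-Object Time | Format-Table -AutoSize -Wrap
```

A gap in the Security log, or an event 1102 (“The audit log was cleared”) inside the window, is itself worth noting, since it means the log was wiped.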


This simple method lets you easily find out whether your computer was turned on without you. And if someone does use your computer without your knowledge, I recommend setting a password for your account; then certainly no one will be able to use your PC without your knowledge. That's all. Thank you for being with us!

Problem

I first encountered the problem of remotely managing my home computers back in January 2011. Then I managed to get rid of this annoying “helper” by reinstalling the OS (Windows 7). However, now everything has become much cooler. Today MY computer tells me that I do not have access rights to manage it :( For example, from today, in response to an attempt to format a hard drive, the computer tells me: “Access denied: insufficient privileges. This tool must be run with elevated rights.” Moreover, I logged in as Administrator. I definitely dare to say that I always take absolutely ALL precautions regarding known security measures! Namely: the Internet is connected through a router that has a password; the licensed seven was configured according to all security schemes (maximum level of protection); licensed Kaspersky was also configured to the maximum. I always disabled all updates in all programs, and in general I do not use the Administrator account; I always work under the user account (both accounts with non-trivial passwords...). However, now I have full remote administration again.

Question: How to find these “helpers”? How to punish so that in future it will be discouraging? How to prove that this is actually an invasion of privacy, a criminal offense?

And just... What do you recommend?

Kaspersky Internet Security (KIS 2012). Actually, this is where the next trial began... when I tried to demolish KIS2011 in order to install KIS2012 (licensed, of course), my computer said that I did not have such rights :(

under Administrator, he refused to start me at all, he said that the “Group Policy Client” service was preventing me from logging into the system... In response to my annoying questions to the provider, the answer was received that there was nothing of the kind...

A user who does not have administrator rights cannot install applications that make changes to the system registry.

There are also access rights to logic, folders, and files. Look at the built-in help on access rights (the owner has the right to grant rights to a user or user groups).

The provider did not answer exactly my question: WHO are these users of my computer?

I screened the user group from the built-in help, from which it is obvious that remote control is present.

Irina, the programmer to whom I told about your situation explained that the seven does not have an absolute administrator: the administrator has his own rights for each action. The maximum is for the one who installed the licensed software. Advice: lower the protection level.

I don't know if it will help or not)

I have Linux installed.

I know that in theory I am the MAIN in the seven :)

BUT due to the fact that my computers are remotely controlled, there are people who have appropriated my rights to themselves.

So I’m wondering: how to prove this? and where? so that something like this never happens again.

Solution

Irina, you need a conclusion from a specialist from a well-established organization in this area that remote PC administration is taking place.

If someone knows your IP address or PC name, you can of course assume that your passwords have been hacked.

Article 272 of the Criminal Code of the Russian Federation Unlawful access to computer information:

1. Unlawful access to computer information protected by law, that is, information on computer media, in an electronic computer (computer), computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of the computer, system Computers or their networks, -

shall be punishable by a fine in the amount of two hundred to five hundred times the minimum monthly wage, or in the amount of the wages or other income of the convicted person for a period of two to five months, or by correctional labor for a term of six months to one year, or by imprisonment for a term of up to two years.

2. The same act, committed by a group of persons by prior conspiracy or by an organized group or by a person using his official position, as well as having access to a computer, a computer system or their network, is punishable by a fine in the amount of five hundred to eight hundred times the minimum wage or in the amount of wages or other income of the convicted person for a period of five to eight months, or correctional labor for a term of one to two years, or arrest for a term of three to six months, or imprisonment for a term of up to five years.

THANKS A LOT!!!

Unfortunately, it will be difficult... but I will try.

This is what Novosib's largest providers do. I came across it for the first time on Webstream from Sibirtelecom (then)... and now it is Novotelecom (Electronic City). Although they wrote that they don’t do this, BUT all their behavior (how they chatted me up without answering specific questions) indicates the opposite.

I was just butting heads with the STK for speed that didn’t exist. And I entered the “card space”... the storage of which is NOT ON THE LOCAL PC! and I began my independent investigation, the result of which was confirmation of the claim.

It was precisely because my friend lost more than 100 thousand rubles. translation via alpha click, I did not cast aside these suspicions, but decided to bring it to its logical conclusion.

My children (a 23-year-old daughter and her mother) use e-wallets from their PC. BUT no one has NEVER created wallets from other computers (mine and my husband’s). All our computers are independent (moreover, each PC has a different Windows installed) in the router; I deliberately did not combine them into an internal network so that I would not be attributed to using the pier :)

Irina, I recommend that you also pay attention to Article 137 of the Criminal Code of the Russian Federation

Violation of privacy

1. Illegal collection or dissemination of information about the private life of a person, constituting his personal or family secret, without his consent, or dissemination of this information in a public speech, publicly displayed work or the media -

shall be punishable by a fine in the amount of up to two hundred thousand rubles, or in the amount of the wages or other income of the convicted person for a period of up to eighteen months, or by compulsory labor for a term of one hundred twenty to one hundred and eighty hours, or by corrective labor for a term of up to one year, or by arrest for a term of up to four months, or imprisonment for up to two years with deprivation of the right to hold certain positions or engage in certain activities for up to three years.

2. The same acts committed by a person using his official position, -

shall be punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles, or in the amount of the wages or other income of the convicted person for a period of one to two years, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, or by arrest for a term of up to six months, or imprisonment for a term of up to four years with deprivation of the right to hold certain positions or engage in certain activities for a term of up to five years.

Hello! A programmer friend of mine said that it is not at all necessary that someone broke into the computer. He advised doing this:

"1. You can understand what is happening with the rights through various compmgmt.msc (Start -> Run -> Compmgmt.msc) and other similar snap-ins under the admin
2. You need to look at logs and group policies
3. If standard research methods do not help, we use the utilities sysinternals.com: there are so many of them that it will be enough to investigate any type of cause.

I usually use ProcessMonitor, ProcessExplorer"

If this doesn’t help, write, I’ll try to get the programmer to explain in more detail)

It was by the methods listed that I established this fact;)

Moreover, the CIS has a full system scan utility. It was the results of the CIS report (local!) that served as the reason for my complaint to the provider, to which the answer was NOT RECEIVED!

Quote:

Roman, don’t copy and paste horror films...

Hmm, I thought everyone already knew. To those who do not believe in Google, at least look at the company Absolute Software and its Computrace.

I’ll briefly explain to those who have poor understanding of English and/or technical details. To combat the loss/theft of laptops, the extent of the damage from which in recent years has become many times greater than the cost of providing security, an agreement was signed between computer manufacturers, BIOS writers and authorities responsible for security on the initial pre-installation of new systems in the BIOS of the client part of the remote control system computer. The installed module is free for companies/BIOS writers/buyers, but without activation the owner will be able to use its capabilities. To do this (activation), he will need to pay a certain amount to the company that developed the module (one of which is the mentioned Computrace). Then, in the event of a computer loss, the owner can use a utility from the company to gain access to his computer as soon as it connects to the network. If you wish, you can either destroy the data or encrypt it before returning the computer. Thanks to the same broad agreements with intelligence agencies, localizing the location of a computer is not particularly difficult. Those who still don’t believe can read the price lists of these companies, where there is one of the clauses - payment of a penalty in case of non-return of the laptop within 48 hours from the moment the laptop appears on the network (the time and amount of the penalty vary, but approximately this is the case - a couple of days and about $1000 for each laptop).

Operating principles vary depending on the development company. In the simplest case, this is quite carefully hidden a la spyware for Windows (hidden enough that well-known antiviruses do not try to kill it - which, by the way, constantly needs to be updated, because with new versions antiviruses begin to block their action ). Such things are inexpensive, but can be easily neutralized by a primitive reinstallation of Windows. In addition, it is clear that they are not functional in OS Linux/MAC by definition.
In the case of advanced systems, everything is much more complicated. The module is located in the BIOS itself (and not in pre-installed Windows) and therefore formatting/rearranging Windows, even to a physically different hard drive, does not harm it. Moreover, the most advanced versions that work via SMM do not depend on the type of OS and will work equally well in Linux and MAC OS.

In addition, modern systems equipped not with BIOS, but with EFI, allow you to control even a computer that is turned off when it is physically connected to the global network (that is, the LAN connector is not removed from the laptop and there is a physical connection to the Internet). Those whose jaws dropped after reading this sentence - we pick them up from the table, those who broke into an evil smile - we suddenly float down and go to the secret site intel.com, where we read and understand the essence of their IPAT technology (Intel Platform Administration Technology). For those who are too lazy to read or it’s not too clear, I’ll say briefly: not even entirely between the lines, but more and more in black and white, the above is just confirmed. Actually, Intel’s promotion of a well-known but little understood “feature” in the form of EFI as a replacement for BIOS is the main condition for its sale of such technology, convenient in every sense.

In summary, that’s why the title of this article did not include the question of “can this happen or not.” We have passed this, a stage long passed. The only question is - who?

p.s. can it be converted into a poll? "Who controls your computer?" Options:
- NSA
- UIBGSHNOAK
- I don’t understand well, that’s why I thought it was me and my wife. Although, no - still children and a neighbor. Occasionally an evil hacker with a strange surname Odmin, to whom we give money for the Internet.
- I'm protected - I don't have a computer. (This is a really good joke)
- Aliens.

p.s.p.s. I have to disappoint the Patriots on the one hand - the Russian FSB and the Belarusian State Central Intelligence Agency do not have such tools. On the other hand, I’m glad to hear that tax persecution in this way (at least for now, but I think not soon) is not yet a threat. That's why they break through their pop classmates...