Windows 7 Is someone remotely using my computer?

[ashjack]

I'm not sure if I am posting in the right place, or even in the right forum, but I'm worried about the situation I am in.

I was playing a fullscreen game, and then the game closed without warning (this may have been a crash, not related to my issue) and as soon as the desktop showed up, there was a notification identical to that of Google Chrome asking me if I wished to save a password. It showed a random email, and the website was 'spark(.)net' I have never been on this website, and didn't even have google chrome open at the time.

Does this mean that someone is somehow remotely using my PC?

 

[Jimbo22]

Yes, it's very possible. Playing games on 3rd party sites unlike Steam and Origin can easily install some malware/spyware or execute some remote code to take over your system.

I'd change you Google (I'm assuming you have a gmail accout) password. Then run some malware scans for any malware/spyware that may be luring on your system.

 

[BurrWalnut]

From various websites, I’ve compiled this list of some things that can be checked:

1. First of all check if any rogue programs or services are running. Open a Run window (Windows Logo key+R), type msconfig and press Enter. On the Startup Tab, uncheck any entries that are unknown to you. Repeat this for the Services Tab. If you uncheck anything, restart the computer and when it restarts, put a tick in ‘Don‘t show this again‘ as you‘re effectively doing a selective start up.

2. It’s probably not relevant these days but this only takes a few seconds to check. Open a Run window (Windows Logo key+R), type cmd and press Enter. Now type system.ini and press Enter. If under [drivers] there is an entry user=user.drv, you may have been hacked, so restart the computer and check again. An entry of timer=timer.drv is safe.

3. Now check the net statistics:

3A. Open a Run window (Windows Logo key+R), type cmd and press Enter. Now type netstat -ano and press Enter. If ‘Established’ is in the State column, make a note of the PID and the Addresses alongside it, as someone may be hacking you. If the IP Address begins with 192.168, you are safe as it’s part of your home network.

3B. To check if you are being hacked, open Task Manager by hitting Ctrl+Shift+Esc. Go to the Processes Tab > View > Select Columns and put a check in the PID box so that the column is displayed.

3C. If the PID that you noted in 3A appears and it is not a name that you recognise, right-click it and End the process. You can click the word PID at the top to sequence the numbers to make it easier to find. Restart the computer and check again.

3D. If you didn’t find the PID, restart the computer and rerun the netstat –ano command. Open Google in a browser window and type the IP Address into the search box. If it’s a suspicious site, restart the computer and check again

4. Lastly, run your ‘anti’ programs to clear up any residual files, which you should be doing on a regular basis anyway.

 

[pnamajck]

burrwalnut … thanks for your informative post … brought up some interesting points … and, certainly helped to assuage some of my paranoia.

for others out there wondering how to reveal the pid-column in win-10 task-manager … pull it up and click the processes tab … hovering your mouse in front of the "name" field will produce light-blue highlight … clicking the name-field with right mouse-button will reveal small sub-menu … that's where you can select the pid-column.

pls see att'd image … thanks.



edit:
wanted to include a link which explains the "netstat" command:

Spoiler: click here

http://www.tldp.org/LDP/nag2/x-087-2-iface.netstat.html