-
Step 1
Log in to your computer as an administrator. Right-click on your taskbar, choose "Task Manager," and ensure the "Show All Processes" box is checked. Click the "Processes" tab. Look for any processes about which you are unsure. These processes may be responsible for unauthorized monitoring and abuse of your computer and network resources.
-
Step 2
Categorize the processes into "known good" vs. "not sure" vs. "left-over + bad." Kill any rogue/bad processes identified, as well as any leftover programs you no longer use. Highlight any unwanted process, then click "End Process." Choose "Yes" to continue ending the task when the "Warning" pops up. Make note of each malicious process name.
-
Step 3
Click "Start," then "Run," then type "regedit" and press "Enter." Navigate to the following keys in the registry editor, then identify and remove any malicious monitoring processes that may be running at startup. The first key to check is:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Next, check:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
To remove the unwanted "Run" entry, right-click it, select "Delete," then click "Yes" when prompted.
-
Step 4
Review "Add/Remove Programs" and identify any programs that have been installed without your knowledge, then uninstall malicious programs, some of which were identified in the previous steps. Click "Start," navigate to "Control Panel," then choose "Add or Remove Programs." Scroll to the leftover or rogue program, highlight it, then click the "Change/Remove" button and follow the prompts to uninstall it.
-
Step 5
Update your antivirus definitions and have your antivirus software do a full, in-depth scan of all files and processes (including in-memory processes). This often will identify unwanted trojans, cookies and other malware that may be monitoring your system.
-
Step 6
Open your browser, then click "Tools." Choose "Windows Update," allow Windows to scan for needed updates and to apply the latest patches, malware removal and "Defender" software, and allow the software to scan for malware. This can identify and remove clandestine monitoring software.
-
Step 7
Visually inspect your computer for physical keyloggers, such as "Keyghost," connected between your keyboard and the keyboard connector on the back of your computer.
-
Step 8
Search for free anti-keylogger software or install commercial anti-virus/anti-keylogger software, which often will identify software keylogging programs that have been covertly installed.
-
Step 9
Right-click on "My Computer," then click "Manage." Expand the "Users and Groups" interface when the management console comes up. Highlight the "Users" branch and look for any users who have been added without your knowledge. Highlight the "Groups" branch and look for anyone in the Administrators and Power Users groups who has been added without your knowledge.
-
Step 10
Click "Start," navigate to "Run," then type "cmd" and press "Enter." Type "netstat -a" from the command prompt and review the various IP connections to your system. Any foreign addresses not recognized could potentially be monitoring your system. Verify the IP addresses, the ports and the purpose of each network connection.
-
Step 11
Configure your firewall settings at the highest level, whether you are using third-party or Windows firewall. This will notify you whenever inbound or outbound monitoring attempts are made, requesting your permission before connections are allowed.
-
Step 12
Click "Start," navigate to "Run," then type "eventvwr" and press "Enter." From the Windows Event Viewer interface, expand the "Windows Logs" section, then highlight the "Security" section. Review the security events for any unusual repeated log-in failures, unusual log-ins from unrecognized accounts or other unusual events.
-
Step 13
On Windows XP: Click "Start," navigate to "Run," then type "cmd" and press "Enter." From the command prompt, type "msinfo32" and press "Enter." Review the various areas, including any boot, configuration and startup items, for any unusual startup or boot processes. Review "Network Connections," "Running Tasks," "Loaded Modules," "Services" and "Startup Programs." Make note of and investigate any unusual items in those areas.
-
Step 14
Install freeware or commercial Network Intrusion Detection Systems (NIDS), or Host Intrusion Detection Systems (HIDS) such as TripWire. Run the NIDS/HIDS software and review the alerts.
-
Step 15
Install a freeware or commercial network sniffer (hardware or hardware-software combination) between your host and your closest network connection. Review the packet traffic captured by the sniffer for any unusual activity.
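The Run-key review in Step 3 can also be done from a script before anything is deleted in regedit. The PowerShell below is an added example, not part of the original article; it assumes a Windows version with PowerShell available, and the function name Get-RunEntryTarget and the choice of per-user folders to flag are illustrative.

```powershell
# Added example: read-only review of the two Run keys named in Step 3.
# Nothing is deleted; entries are only annotated for manual follow-up.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Per-user folders that any process running as the user can write to (assumed list).
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

function Get-RunEntryTarget {
    param([string]$Command)
    # Expand %VARS%, then pull the executable path out of the command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }        # "C:\dir\app.exe" /args
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] } # C:\dir\app.exe /args
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-RunEntryTarget $command
        $notes   = @()
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            # Authenticode status of the file the entry launches.
            $sig = (Get-AuthenticodeSignature -LiteralPath $target).Status
            if ($sig -ne 'Valid') { $notes += "signature: $sig" }
        } else {
            $sig = 'n/a'
            $notes += 'target file not found'
        }
        foreach ($dir in $userWritable) {
            if ($target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $notes += 'runs from a user-writable folder'
                break
            }
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Command = $command
            Signature = $sig; Review = ($notes -join '; ')
        }
    }
}

# Entries with something in the Review column sort to the top.
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Entries that start through a host program such as rundll32.exe or cmd.exe report the host's signature, so read the Command column for those. A note in the Review column is a prompt to investigate, since legitimate software also starts from per-user folders.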














