Someone accessing my computer without my knowledge?

[Killamaker]

Okay, this is ver weird, and sorry if its in the wrong forum. Anyway,
I went to Youtube to get a link for my friend on facebook. I got to the video and I clicked on the video. It started playing and kept going to beginning and switching around. Sounds like bad buffering or just a normal glitch, right? This is where it gets creepy. It goes to a page before the youtube video and wont let me get into the video, like someone is pressing the backspace button. it wasn't me, I was trying to click on the video. I finally get the link and bring it to facebook and paste it in. A minute or less later I tried typing in something in the facebook chat and I watched "VI The meatgrinder" get typed in. That is a BF3 server as some of you may know. I have no clue at all how this happened, and I didn't press cntrl+v. I watched it get typed in. Does anyone have a clue as to how this would happen? I dont have remote assistance typed in. i checked my download folder and nothing was there that shouldn't be. I did a virus scan, and nothing came up except the things that usually get detected. The even creepier thing is that my friend on steam experienced the same thing except it got searched into google. Sorry for the word wall, but this is really weird. Any input is appreciated. And again, feel free to move this to the appropriate forum.

 

[AFurryReptile]

Yes, it sounds like somebody is inside of your computer (probably with some sort of remote assistance tool)

In the Windows 7 search, type 'msconfig' and hit enter. Go over to the startup tab, and look for remote assistance software that may be starting up. Disable anything you don't need to start; post the list here if you are unsure.

Also, do a Ctrl+Alt+Del and click on Task Manager. Go to the processes tab, click on "Show processes from all users", and look at the programs running. List any here that seem suspicious. In particular, a remote access tool would have a higher than average memory usage.

 

[Killamaker]

Nothing suspicious was in the startup tab, but in the services there is "Remote Access Auto Connection Manager", "Remote access Connection Manager", "Remote Registry". I also found a remote desktop configuration. A remote desktop services is also in there. But that is it. Nothing else was found. I also have several Svchost processes in the task manager. Thanks again for the reply!

 

[Bubbaleone]

.....The even creepier thing is that my friend on steam experienced the same thing except it got searched into google. Sorry for the word wall, but this is really weird. Any input is appreciated. And again, feel free to move this to the appropriate forum.

Yup...you've been hijacked. Download ComboFix. Before you run it you have to install Microsoft Recovery Console (just takes a minute) because ComboFix needs it in order to run. ComboFix will kill rootkits, keyloggers, redirects, etc., etc. that the vast majority of AVs, and malware scanners, don't even see.

It'll take about three minutes to install Recovery Console, and ten to twenty minutes for ComboFix to clean any infections. One word of caution; once you start ComboFix do not touch your keyboard or mouse. Be patient and let it run until it's finished; at which time it will open a detailed log, of everything it did, on your desktop.

How to install and use the Recovery Console

ComboFix

Just a quick note: Installing Recovery Console is the same for XP, Vista, and 7.

 

[xSauronx]

combofix will install the recovery console if he doesnt have it
i second its usage, IF you dont have any oddball specialty software. ive heard a couple of horror stories but most users i know just have office and every day free software and running combofix caused zero issues for me personally.

 

[Killamaker]

I have the report log, and I will will attach it here. Also, now that I have Malwarebytes installed and activley warning me, it told me that KMSEmulator is trying to start. Sounds like something I should worry about?
http://pastebin.com/8UEgaJkJ

 

[Slugbait]

...it told me that KMSEmulator is trying to start. Sounds like something I should worry about?

Probably not, it's just a keygen/hacktool. However, you may have downloaded one that was repackaged with a trojan or something.

 

[Bubbaleone]

I have the report log, and I will will attach it here. Also, now that I have Malwarebytes installed and activley warning me, it told me that KMSEmulator is trying to start. Sounds like something I should worry about?
http://pastebin.com/8UEgaJkJ

Key Management Service (KMS) is one of Microsofts volume licensing solutions. So if you're running a KMS emulator, which the ComboFix log shows you are, you've got a hacked (not genuine) copy of Windows 7. Every time you boot Windows the emulator "spoofs" the license activation. A KMS emulator is a hack tool.

 

[Bubbaleone]

Get Genuine:

There is an update available to the activation and validation components in Windows Activation Technologies for Windows 7.

 

[Killamaker]

Ahright, that's what was. I think it was with Microsoft Office. But anyway, thanks for the help. At least combo fix didn't show that key loggers or anything else was running.

 

[gevorg]

If you think someone remotely control your PC, disconnect it from the network immediately before trying to fix/investigate it.

 

[Killamaker]

Alright guys... Feel free to laugh at me for my ignorance... I think what the problem was... On my microsoft Sidewinder X4, there is this macro record button. I think what happened was that I had the macro button on and it recorded my keys and when I pressed play or something or whatever other key it got assigned to, it wrote it out. It even writes out like a human. So... Thanks for the help anyway...

 

[oynaz]

Ha, that's actually really funny.

Cool that you solved it.

 

[Killamaker]

Yeah, it is funny. Good thing I solved it, I would never sleep.

 

[GrumpyMan]

Lol, a PBKAC problem.....