How to check if computer is controlled remotely
My laptop has windows 7 installed.
One Saturday night I couldn't fall asleep and was just lying in bed. Then suddenly at around 2 in the morning I heard the fan of the laptop start up and lights on the laptop started blinking. The lid was closed, and I didn't want to open it because I had a headache.
The fan was on and lights blinking for good half an hour, and then the laptop went back to sleep. In the morning I checked the laptop to see if any files were missing, or if anything was done. But I didn't find any problems.
This got me thinking.
How would you detect if someone has remote access program installed on your computer?
If you have some remote access program, can you wake up the laptop from sleep(which I think is possible since I have seen some programs like logmein.com and such)? And if so would the user be able to tell if the computer is being accessed remotely?
If your computer is being remotely accessed should you nuke it from orbit or can you somehow just remove whatever is allowing your computer to be accessed.
Thanks to anyone for their help and explanation :) I could only find solutions for linux and none for windows.
Microsoft has a 2AM routine for updating your system. You should be able to disable the autoupdate...
You can check open port lists to see if anything unusual going on. If something looks weird, you can listen "bad port"
Moreover, using some tool like processHacker, you can see what are each and every process is doing.
Coming back to your question, booting up a pc remotly, or awaking it from sleep, is not impossible probably, BUT I would say it is pretty hard. Especially booting it up. Even when sleeping, pc should be listening on some port so that remote attacker could send packets to wake it up. Since it is listening for an input from keyboard, it is probably doable, but pretty hard I -only- assume.
And booting it up is even harder since it wont be listening on anything at that time. But there might be a device pluged in to the USB or whatsoever.
Either way, listening on ports and watching process would help you to catch any malware/virus. Do not forget that, your pc might also have became a zombie which sends packets outside (zombie virus could wake the PC up also), so listen both incoming and outgoing packets.
Edit: Oh btw, a virus might also boot up your computer at a certain time. However this isn't done remotely. Just like Windows' update policy (which makes you pc boot up at 3 am, check for updates, if any, installs them and shuts down). A virus could also do the same thing and connect to the remote master server.
TLDR; Everything is possible.
which would be some sort of zombie virus as I have mentioned in final paragraph..
schroeder's right, wake on lan is easy - it's on by default on a lot of motherboards, and lots of routers have built in wake-on-lan features allowing someone to send the magic packet if they log on to your router. Bios alarms would also allow you to wake it up if they had a way to set it.