
Computer Being Controlled?!

January 20, 2013 10:26:06 PM

Sorry if this isn't the proper place to post this, but I wasn't sure.

TLDR;
I think someone/something was controlling my computer against my will. I recently started running a couple of servers on my computer. Can you help me figure out what happened, and how to make sure I am not putting my computer and network at an unacceptable level of risk?


Problem:
While playing a game of League of Legends, my computer started acting weird. It was as if keys were being pressed on my keyboard. It only lasted a few seconds, so I chalked it up to a potential hiccup in my keyboard and went on to finish the game. Afterwards, I was browsing the internet and more weird things started happening. My mouse would start selecting text on the page as I moved the cursor without me pressing the mouse button. It also seemed that "ghost" keys were being pressed on my keyboard again.
Then, out of curiosity, I opened Notepad to see what keys might be activating (still believing my keyboard was acting up). I was very surprised to find "static" being typed out, highlighted, deleted, and then "change ip" being typed in. At this point I immediately unplugged my computer from the network.

Steps Taken:
After a few minutes, I decided to reconnect to my network in order to see if I could glean any more information from what was going on. I updated and ran MalwareBytes, SuperAntiSpyware, and Symantec Endpoint Protection. No risks (other than tracking cookies) were found. I have not observed any further unexpected activity.
Looking at my router's logs, it lists "[DoS Attack: RST Scan] " quite a few times recently (I don't know what that means, but I know it doesn't sound good). I also see many "[LAN access from remote]" from different IP addresses to my computer. I expect some of those, since I run a Minecraft server for about 5 friends, but there seem to be too many and happening too quickly (often within 10 seconds of each other). Also, I know what IP addresses my friends connected with recently, and they make up a small minority.

My Setup:
Cable Modem --> Netgear Router (wnr2000v3) ---> TP-Link Switch ---> Desktop (all connected by ethernet)
I have recently set up a static IP. I run a Bukkit Minecraft server, and have forwarded port 25565. I sometimes run a TeamSpeak server, and have forwarded ports 9987, 9988, 10011, 30033. I was not running the TeamSpeak server at the time. I was running the Minecraft server.

My Computer:
Windows 7 64bit Enterprise
I5-2500k (4GHz)
120 GB Kingston HyperX SSD (OS)
1 TB Western Digital Caviar Blue
XFX Radeon HD 6870



I feel like I am in over my head and would greatly appreciate any advice. I will gladly provide more information at your request. Thanks.
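
The router-log check described in the post above (sorting "[LAN access from remote]" entries by source address, known friends and timing), as an added example that is not part of the original thread. The log line layout, the sample addresses and the `KNOWN_FRIENDS` allowlist are assumptions; the forwarded ports are the ones the post lists.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines. The layout is an assumption modelled on the two
# entry types quoted in the post; addresses are documentation ranges.
SAMPLE_LOG = """\
[LAN access from remote] from 198.51.100.7:51234 to 192.168.1.5:25565, Sunday, January 20, 2013 22:01:10
[LAN access from remote] from 203.0.113.9:40112 to 192.168.1.5:25565, Sunday, January 20, 2013 22:01:15
[DoS Attack: RST Scan] from source: 203.0.113.50, port 443, Sunday, January 20, 2013 22:01:18
[LAN access from remote] from 203.0.113.9:40113 to 192.168.1.5:25565, Sunday, January 20, 2013 22:01:21
[LAN access from remote] from 203.0.113.77:33990 to 192.168.1.5:9987, Sunday, January 20, 2013 22:03:40
"""

KNOWN_FRIENDS = {"198.51.100.7"}               # hypothetical allowlist
FORWARDED = {25565, 9987, 9988, 10011, 30033}  # ports named in the post

ACCESS = re.compile(r"\[LAN access from remote\] from ([\d.]+):\d+ "
                    r"to [\d.]+:(\d+), \w+, (.+)$")
SCAN = re.compile(r"\[DoS Attack: RST Scan\] from source: ([\d.]+),")

def triage(log_text, friends=KNOWN_FRIENDS, forwarded=FORWARDED):
    """Group inbound connections by (source, destination port) and count scans."""
    hits = defaultdict(list)   # (src, dst_port) -> list of timestamps
    scans = defaultdict(int)   # src -> number of RST-scan entries
    for line in log_text.splitlines():
        m = ACCESS.match(line)
        if m:
            ts = datetime.strptime(m.group(3), "%B %d, %Y %H:%M:%S")
            hits[(m.group(1), int(m.group(2)))].append(ts)
        elif (s := SCAN.match(line)):
            scans[s.group(1)] += 1
    report = []
    for (src, port), stamps in sorted(hits.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report.append({"src": src, "port": port, "count": len(stamps),
                       "known": src in friends,         # on the allowlist?
                       "forwarded": port in forwarded,  # a port opened on purpose?
                       "min_gap_s": min(gaps) if gaps else None})
    return report, dict(scans)

if __name__ == "__main__":
    rows, scan_counts = triage(SAMPLE_LOG)
    for row in rows:
        print(row)
    print("RST scan sources:", scan_counts)
```

Sources that are not on the allowlist but only touch a deliberately forwarded port are consistent with ordinary internet-wide probing of an open service; an entry whose destination port was never forwarded is the one to look into first.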


January 21, 2013 11:47:20 PM

Well.... Mystery solved.

As it turns out, I had accidentally recorded a macro on my keyboard (Razer Black Widow) a couple of weeks ago and it was bound to a key I barely use. The macro lasted several minutes.

So.... yeah...
January 22, 2013 1:57:27 AM

Lol, nice. Regardless, I'm not sure it's such a smart idea to be running servers off your personal...have you implemented any security measures? :whistle: 
January 29, 2013 4:07:27 AM

Um... Not really. I am running a Minecraft server and a TeamSpeak server. From the research I did (googling and such), it didn't seem like running them presented much of a security risk.

That being said, the only security I am aware of is my computer's firewall and my router's firewall.

I would appreciate any advice though.
January 29, 2013 4:08:46 PM

You want advice? Don't run server services on a workstation OS. If possible, run your servers on recycled / old hardware running Linux, and jam ClamAV on it to be nice to the folks running Windows...