Computer Being Controlled?!

Sorry if this isn't the proper place to post this, but I wasn't sure.

I think someone/something was controlling my computer against my will. I recently started running a couple of servers on my computer. Can you help me figure out what happened, and how to make sure I am not putting my computer and network at an unacceptable level of risk?

While playing a game of League of Legends, my computer started acting weird. It was as if keys were being pressed on my keyboard. It only lasted a few seconds, so I chalked it up to a potential hiccup in my keyboard and went on to finish the game. Afterwards, I was browsing the internet and more weird things started happening. My mouse would start selecting text on the page as I moved the cursor without me pressing the mouse button. It also seemed that "ghost" keys were being pressed on my keyboard again.
Then, out of curiosity, I opened Notepad to see what keys might be activating (still believing my keyboard was acting up). I was very surprised to find "static" being typed out, highlighted, deleted, and then "change ip" being typed in. At this point I immediately unplugged my computer from the network.

Steps Taken:
After a few minutes, I decided to reconnect to my network in order to see if I could glean any more information from what was going on. I updated and ran MalwareBytes, SuperAntiSpyware, and Symantec Endpoint Protection. No risks (other than tracking cookies) were found. I have not observed any further unexpected activity.
Looking at my router's logs, it lists "[DoS Attack: RST Scan] " quite a few times recently (I don't know what that means, but I know it doesn't sound good). I also see many "[LAN access from remote]" from different ip addresses to my computer. I expect some of those, since I run a MineCraft server for about 5 friends, but there seem to be too many and happening too quickly (often within 10 seconds of each other). Also, I know what ip addresses my friends connected with recently, and they make up a small minority.

My Setup:
Cable Modem --> Netgear Router (wnr2000v3) ---> TP-Link Switch ---> Desktop (all connected by ethernet)
I have recently set up a static ip. I run a Bukkit MineCraft server, and have forwarded port 25565. I sometimes run a TeamSpeak server, and have forwarded ports 9987, 9988, 10011, 30033. I was not running the Teamspeak server at the time. I was running the MineCraft server.

My Computer:
Windows 7 64bit Enterprise
I5-2500k (4GHz)
120 GB Kingston HyperX SSD (OS)
1 TB Western Digital Caviar Blue
XFX Radeon HD 6870

I feel like I am in over my head and would greatly appreciate any advice. I will gladly provide more information at your request. Thanks.
4 answers Last reply
More about computer controlled
  1. Well.... Mystery solved.

    As it turns out, I had accidentally recorded a macro on my keyboard (Razer Black Widow) a couple of weeks ago and it was bound to a key I barely use. The macro lasted several minutes.

    So.... yeah...
  2. Lol, nice. Regardless, I'm not sure it's such a smart idea to be running servers off your personal...have you implemented any security measures? :whistle:
  3. Um... Not really. I am running a Minecraft server and a TeamSpeak server. From the research I did (googling and such), it didn't seem like running them presented much of a security risk.

    That being said, the only security I am aware of is my computer's firewall and my router's firewall.

    I would appreciate any advice though.
  4. You want advice? Don't run server services on a workstation OS. If possible, run your servers on recycled / old hardware running Linux, and jam ClamAV on it to be nice to the folks running Windows...
Ask a new question

Read More

Computers Keyboards Networking