hack? (WNT)
jays37
08-21-2002, 03:42 PM
Have a situation where I suddenly lose control of my pc, like if someone is connected remotely. Any apps I have open will close or minimize at random. If I have a document open characters will be typed in, some appear as if machine made symbols. I can open an app, and it will close by itself. I even had some type in a saved document, then I watched as all my typing just disappeared.
Ran virus scan, but nothing found. To me it's as if someone is remotely attached. Tried netstat -a but this only will show at actual time of incident. It happens so quickly that no results are shown. Any ideas?
maneadrian76
08-27-2002, 01:43 AM
Look in the task manager, in the registry for programs that start with windows and try to run a spyware, trojanware (SpyBot is a good free option) detection program.
And look for a remote administration program.
Have fun
gangsta
08-28-2002, 06:58 AM
you probably have Sub7 / Netbus trojan
if so you should find a file called patch.exe in your Windows directory. (If you used Trend House Call online scanner; it too uses a file called patch.exe but this is not a virus)
Delete that sub7 file & get a Sub7 remover / cleaner utility
I think most newer antivirus programs can do the job.
If what I described is not the case then the situation is more serious -- i.e. you have a more powerful bug than sub7.
TonyKlein
08-28-2002, 07:27 AM
Spybot really detects only two or three trojans.
That's not what it does: its thing is spyware, homepage hijackers, dialers and the like.
If you do have a trojan, it'll show in your startups.
Go to Start/run, and type Msinfo32, followed by OK.
Go to Software Environment/Startup Programs.
Click Edit/'Select all', and then 'copy'
Now paste the contents in your post.
POBrien
08-29-2002, 09:21 AM
You may also have been infected by Back Orifice
wicked program.
do a search on google for a cleaner.
Patrick
WinGuides (http://www.winguides.com/subscribe/?guide=registry)
wpearsall
08-29-2002, 12:00 PM
You MAY want to consider Looking into Zone Alarm Pro,
And ONLY allow what YOU WANT to connect to the internet connect.
DON'T ALLOW ANY SERVER RIGHTS!
http://www.zonelabs.com
AND if it closes the icon from the task bar (Systray) then it's something "More Advanced", and NOT a hacker, since they need to be able to connect to ur machine to control it.
Are u Directly connected to the 'net?
Router?
Connection?
vinland02
09-12-2002, 07:09 PM
Tony, you said a trojan would show up in the startups? Always, still learning tell me more if you will, thanks
TonyKlein
09-12-2002, 11:45 PM
It always needs to be activated as Windows starts, so it adds itself to startup, in a variety of ways.
It can be the Registry Run key, The Startup folder, the Win.ini, by Registry shell spawning, by modifying the Registry or the System.ini shell line, and there are other ways.
This great little tool will show all startup locations:
Download StartupList (http://www.spywareinfo.com/files/startuplist.zip)
Double-click it, and it will generate a text file that will list all running processes, and all applications that are loaded automatically when you start Windows.
Very revealing!
vinland02
09-13-2002, 08:57 PM
Gracias Tony, everything is kewl here, I learned something, thanks.
TonyKlein
09-14-2002, 12:51 AM
No prob! :)
TonyKlein
09-14-2002, 12:52 AM
BTW, for the latest version of the list, go to http://www.lurkhere.com/~nicefiles
It has some added startup locations peculiar to NT/XP, like load= and run= Registry startups.
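The startup locations named in this thread (Registry Run keys, the Startup folder, Win.ini, shell spawning, the shell line, and the load= / run= Registry values) can be listed with a short read-only PowerShell script. This is an added example, not part of the original posts and not StartupList's own code; the registry and file paths are the standard Windows locations, assumed here because the thread does not spell them out.

```powershell
# Added example: read-only listing of the autostart locations named in the thread.
function New-Entry($Location, $Name, $Value) {
    if ($Name -eq '') { $Name = '(Default)' }
    [pscustomobject]@{ Location = $Location; Name = $Name; Value = $Value }
}
function Get-RegistryValues($Path, [string[]]$Only) {
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        if ($Only -and ($Only -notcontains $name)) { continue }
        New-Entry $Path $name $key.GetValue($name)
    }
}
function Get-IniValue($File, $Section, $Key) {
    if (-not (Test-Path -Path $File)) { return }
    $pattern = '^\s*{0}\s*=\s*(.+)$' -f [regex]::Escape($Key)
    $inSection = $false
    foreach ($line in Get-Content -Path $File) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq $Section) }
        elseif ($inSection -and $line -match $pattern) {
            New-Entry "$File [$Section]" $Key $Matches[1].Trim()
        }
    }
}
$entries = @(
    foreach ($hive in 'HKLM:', 'HKCU:') {          # Registry Run keys
        foreach ($sub in 'Run', 'RunOnce') {
            Get-RegistryValues "$hive\Software\Microsoft\Windows\CurrentVersion\$sub"
        }
    }
    # load= and run= Registry startups (NT/XP)
    Get-RegistryValues 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows' 'load', 'run'
    # Registry shell line; the stock value is Explorer.exe
    Get-RegistryValues 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
    # Shell spawning: the stock (Default) value is "%1" %* with nothing in front of it
    foreach ($type in 'exefile', 'comfile', 'batfile') {
        Get-RegistryValues "Registry::HKEY_CLASSES_ROOT\$type\shell\open\command"
    }
    foreach ($folder in 'Startup', 'CommonStartup') {   # Startup folders
        $dir = [Environment]::GetFolderPath($folder)
        if ($dir -and (Test-Path -Path $dir)) {
            Get-ChildItem -Path $dir -File | ForEach-Object { New-Entry $dir $_.Name $_.FullName }
        }
    }
    Get-IniValue "$env:windir\win.ini" 'windows' 'load'
    Get-IniValue "$env:windir\win.ini" 'windows' 'run'
    Get-IniValue "$env:windir\system.ini" 'boot' 'shell'
)
$entries | Format-Table -AutoSize -Wrap
```

Any entry whose target you cannot account for is the one to look up; an empty result for Win.ini or System.ini is normal on NT-based systems.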