    vpricemartin Posts: 1, Reputation: 1
    New Member
     
    #1

    Feb 4, 2009, 11:47 AM
    Rtvscan may be disguising remote activity
    Is it possible for someone to be remoting into my computer and the activity to be disguised as an Rtv scan? When I am at work, my computer runs perfectly with no issues until most of the day shift leaves. My computer is located in the training room and under the administration of instructors who have the ability to remote into the computers for training purposes. I believe that someone is remoting into my computer and taking control of my keyboard. There have been times that I have seen the pointer move by itself and my keystrokes are disabled. I want to make the manager aware of this activity but I need to be able to give more information. I don't want to appear paranoid, but this activity has been witnessed by others sitting next to me. Please explain what could be going on. I keep my processes open where I can see the CPU activity. The CPU scale usually stays at 12% but at those times when it appears someone is remoted in the CPU jumps to 90%. If this were a network issue, it would be happening office wide. The problem only appears on my login and it doesn't matter what computer I am using.
    Scleros Posts: 2,165, Reputation: 262
    Hardware Expert
     
    #2

    Feb 4, 2009, 01:50 PM
    RTVSCAN is the service component of Symantec Antivirus (discussed in SAV Administrator's Guide). Hogging the CPU and rendering the machine slow or inoperable to user input has been a problem on some machines with various SAV versions (Google "rtvscan.exe"). The movements you see may be your own, just delayed.

    Quote Originally Posted by vpricemartin
    Is it possible for someone to be remoting into my computer and the activity to be disguised as an Rtv scan?
    Possible, yes. Probable, no. I think it is unlikely that a remote access trojan disguised as a bogus RTVSCAN.EXE has infected multiple machines at your organization, yet the following can be pursued:
    • Unplug network cable and see if movements stop.
    • Compare RTVSCAN.EXE to same file on other computers for size. An MD5 hash can also be computed with Microsoft's File Checksum Integrity Verifier utility to confirm a match. If SAV is installed, there should only be one of these files, I think; none otherwise.
    • Entering netstat -on at a command prompt will list connections to and from the computer. Internal company IP addresses would be the most likely source of a remote connection. ARIN: WHOIS Database Search may be useful for determining the controlling entity for public IP addresses, but if a remote connection is being made to an internal computer from outside your organization, your IT folks have a serious problem.
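
The `netstat -on` check from the answer above, as an added example that is not part of the thread or either poster's words: it parses the command's output, keeps established TCP sessions whose local port belongs to a remote-control service, and labels the remote address as internal or public. The watched ports (3389 for RDP, 5900 for VNC), the function names and every address and PID in the sample are assumptions made for the example.

```python
import ipaddress

# Constructed sample of `netstat -on` output; every address and PID is made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    10.20.30.41:3389       10.20.30.77:51512      ESTABLISHED     1044
  TCP    10.20.30.41:49702      10.20.30.5:445         ESTABLISHED     4
  TCP    10.20.30.41:49811      203.0.113.25:443       ESTABLISHED     2816
  TCP    10.20.30.41:5900       198.51.100.9:50233     ESTABLISHED     1988
  TCP    10.20.30.41:49820      10.20.30.5:80          TIME_WAIT       0
"""

# Assumption: local ports that indicate an inbound remote-control session.
REMOTE_CONTROL_PORTS = {3389: "RDP", 5900: "VNC"}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def established(output):
    """Yield (local_port, remote_ip, pid) for each ESTABLISHED TCP row."""
    for line in output.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            yield split_endpoint(f[1])[1], split_endpoint(f[2])[0], int(f[4])

def origin(ip):
    """Label an address as loopback, internal (RFC 1918) or public."""
    if ip.is_loopback:
        return "loopback"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "public"

def inbound_remote_sessions(output):
    """Return (service, remote address, origin, PID) for watched local ports."""
    return [(REMOTE_CONTROL_PORTS[port], str(ip), origin(ip), pid)
            for port, ip, pid in established(output)
            if port in REMOTE_CONTROL_PORTS]

if __name__ == "__main__":
    for service, ip, where, pid in inbound_remote_sessions(SAMPLE):
        print(f"{service} session from {ip} ({where}), owning PID {pid}")
```

The PID in each result can be matched against the PID column in Task Manager or `tasklist` to see which executable owns the session.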
