Hello Community,
I had a very weird situation with a LogMeIn product (called GoToMeeting/GoToOpener as far as I know).
Suddenly, my notebook microphone stopped working a few days ago, and when I started to check if there was a program interfering with my mic, I was surprised to discover that I had this program installed on my PC.
However, there are a few weird things involved:
1) Looking into a file called G2MUpdate.txt, I discovered that this program was installed on my notebook back on 2020-10-14 and was running in the background every day since then without me noticing it. Also, from time to time it got automatically updated.
2) The software was hidden. There was no access to it from Start (https://imgur.com/v7TXuQc), a Desktop icon, or even Search (https://imgur.com/6Jj6FsX).
However, it appears in the "Uninstall or change a program" list: https://imgur.com/jeBXPNE
3) So I tracked down the software until I found it at:
C:\Users\username\AppData\Local\GoToMeeting\18068\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\18425\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\18705\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\19228\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\19584\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\19598\g2mlauncher.exe
4) I opened the program and saved the log. I found a lot of activity for software I didn't know was installed and running: https://www.codepile.net/pile/xe2lVAJE
Some lines extracted:
2021-04-21 22:46:07.602 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> RpcManager::configure() - Configuring the egw link
2021-04-21 22:46:07.603 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> {Session 1 rpc::EPNeighbor[1]::} _connect: connecting to the remote host [216.115.208.230(egwglobal.gotomeeting.com):8200, 80, 443]
2021-04-21 22:46:07.604 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> sockets::jinet::JSpecProviderBroker::getJediProvider(): Creating the singleton connection spec provider
2021-04-21 22:46:07.611 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> JConnSpecProviderCda: CDA requested
2021-04-21 22:46:07.617 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> {Session 1 RpcPeerController::} connect: successfully initiated connect to peer 2
....
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [60] 2021-04-22T06:46:07.658371Z L0 Flow RtcAudioEngine AudioSharingProcesso:121 AudioSharingProcessor Audio Sharing: SystemAudioProcessStreamWorker started.
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [61] 2021-04-22T06:46:07.658371Z L1 Info RtcAudioEngine WebRtcMutingProcesso:57 Initialize PostCaptureMuteProcessor: sampl_rate_hz=48000, num_channels=1, muted=false
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [62] 2021-04-22T06:46:07.658371Z L1 Info RtcAudioEngine WebRtcMutingProcesso:57 Initialize PreRenderMuteProcessor: sampl_rate_hz=48000, num_channels=1, muted=false
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [63] 2021-04-22T06:46:07.658371Z L0 Info RtcAudioEngine AudioProcessingDefau:94 configureGainControl AGC mode set: eGainControlModeAdaptiveAnalog
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [64] 2021-04-22T06:46:07.658371Z L0 Info RtcAudioEngine AudioProcessingDefau:150 configureNoiseSuppression Noise suppression mode set: eNoiseSuppressionStrong
2021-04-21 22:46:07.659 PST i: [g2mcomm] <1118> RTC: [65] 2021-04-22T06:46:07.658371Z L0 Info RtcAudioEngine AudioProcessingDefau:41 configure Voice Detection Voice detection enabled
...
2021-04-21 22:46:27.613 PST i: [g2mcomm] <LogicalPool.1> {Session 1 rpc::EPNeighbor[1]::} _disconnect: disconnecting from the remote host, current connectivity=3 and status=2
...
So I don't know exactly how it works, but I investigated and LogMeIn has Silent Session Monitoring (*) features in some products. I'd appreciate it if you could help me find out if someone was spying on my computer using your products.
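A triage sketch for a log like the one quoted in the post, as an added example that is not part of the original post or of any LogMeIn tooling: it pairs each session's `_connect` and `_disconnect` lines to show which remote host was contacted and for how long, and lists the audio-engine events. The regular expressions are inferred from the quoted lines, the sample is constructed from them, and the function name `triage` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: three lines taken from the excerpt quoted in the post.
SAMPLE = """\
2021-04-21 22:46:07.603 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> {Session 1 rpc::EPNeighbor[1]::} _connect: connecting to the remote host [216.115.208.230(egwglobal.gotomeeting.com):8200, 80, 443]
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [61] 2021-04-22T06:46:07.658371Z L1 Info RtcAudioEngine WebRtcMutingProcesso:57 Initialize PostCaptureMuteProcessor: sampl_rate_hz=48000, num_channels=1, muted=false
2021-04-21 22:46:27.613 PST i: [g2mcomm] <LogicalPool.1> {Session 1 rpc::EPNeighbor[1]::} _disconnect: disconnecting from the remote host, current connectivity=3 and status=2
"""

# Layout assumed from the quoted lines: timestamp, zone, level, [module], <thread>, message.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \S+ \w: \[\w+\] <[^>]*> (.*)$")
CONNECT = re.compile(r"\{Session (\d+) [^}]*\} _connect: connecting to the remote host "
                     r"\[([\d.]+)\(([^)]+)\):([\d, ]+)\]")
DISCONNECT = re.compile(r"\{Session (\d+) [^}]*\} _disconnect:")


def triage(text):
    """Return (sessions, audio_events) extracted from a log in the quoted format."""
    sessions, audio_events, pending = [], [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip elision markers ("...."), blank and wrapped lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group(2)
        if c := CONNECT.search(msg):
            entry = {"session": c.group(1), "ip": c.group(2), "host": c.group(3),
                     "ports": [int(p) for p in c.group(4).split(",")],
                     "start": ts, "seconds": None}  # None until a disconnect is seen
            sessions.append(entry)
            pending[c.group(1)] = entry
        elif d := DISCONNECT.search(msg):
            entry = pending.pop(d.group(1), None)
            if entry is not None:
                entry["seconds"] = (ts - entry["start"]).total_seconds()
        elif "RtcAudioEngine" in msg:
            audio_events.append((ts, msg.split("RtcAudioEngine", 1)[1].strip()))
    return sessions, audio_events


if __name__ == "__main__":
    found, audio = triage(SAMPLE)
    for s in found:
        print(s["start"], s["host"], s["ip"], s["ports"], "duration(s):", s["seconds"])
    for ts, detail in audio:
        print(ts, "audio:", detail)
```

A session whose `seconds` stays `None` had no matching disconnect line in the saved log, which is worth checking against the full file rather than an excerpt.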
@gtmxasker GoToMeeting software does not have any ability to remotely access, control, or monitor desktop functions or files stored within. Feel free to remove the software through your programs list as needed. You also do not need to use the desktop software, if you prefer not to install anything there -- as we offer a compatible web app for an in-browser experience.