gtmxasker
Visitor

Someone was spying my notebook? Help pls

Hello Community,

I had a very weird situation with a LogMeIn product (called GoToMeeting/GoToOpener as far as I know).

Suddenly, my notebook microphone stopped working a few days ago, and when I started to check if there was a program interfering with my mic, I was surprised to discover that I had this program installed on my PC.

However, there are a few weird things involved:
1) Looking into a file called G2MUpdate.txt, I discovered that this program was installed on my notebook back on 2020-10-14 and was running in the background every day since then without me noticing it. Also, from time to time it got automatically updated.

2) The software was hidden. There was no access to it from Start (https://imgur.com/v7TXuQc), a Desktop icon, or even Search (https://imgur.com/6Jj6FsX).
However it appears on "Uninstall or change a program" list: https://imgur.com/jeBXPNE

3) So I tracked down the software until I found it at:
C:\Users\username\AppData\Local\GoToMeeting\18068\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\18425\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\18705\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\19228\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\19584\g2mlauncher.exe
C:\Users\username\AppData\Local\GoToMeeting\19598\g2mlauncher.exe

4) I opened the program and saved the log. I found a lot of activity for software I didn't know was installed and running: https://www.codepile.net/pile/xe2lVAJE

Some lines extracted:

2021-04-21 22:46:07.602 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> RpcManager::configure() - Configuring the egw link
2021-04-21 22:46:07.603 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> {Session 1 rpc::EPNeighbor[1]::} _connect: connecting to the remote host [216.115.208.230(egwglobal.gotomeeting.com):8200, 80, 443]
2021-04-21 22:46:07.604 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> sockets::jinet::JSpecProviderBroker::getJediProvider(): Creating the singleton connection spec provider
2021-04-21 22:46:07.611 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> JConnSpecProviderCda: CDA requested
2021-04-21 22:46:07.617 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> {Session 1 RpcPeerController::} connect: successfully initiated connect to peer 2


....
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [60] 2021-04-22T06:46:07.658371Z L0 Flow RtcAudioEngine AudioSharingProcesso:121 AudioSharingProcessor Audio Sharing: SystemAudioProcessStreamWorker started.
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [61] 2021-04-22T06:46:07.658371Z L1 Info RtcAudioEngine WebRtcMutingProcesso:57 Initialize PostCaptureMuteProcessor: sampl_rate_hz=48000, num_channels=1, muted=false
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [62] 2021-04-22T06:46:07.658371Z L1 Info RtcAudioEngine WebRtcMutingProcesso:57 Initialize PreRenderMuteProcessor: sampl_rate_hz=48000, num_channels=1, muted=false
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [63] 2021-04-22T06:46:07.658371Z L0 Info RtcAudioEngine AudioProcessingDefau:94 configureGainControl AGC mode set: eGainControlModeAdaptiveAnalog
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [64] 2021-04-22T06:46:07.658371Z L0 Info RtcAudioEngine AudioProcessingDefau:150 configureNoiseSuppression Noise suppression mode set: eNoiseSuppressionStrong
2021-04-21 22:46:07.659 PST i: [g2mcomm] <1118> RTC: [65] 2021-04-22T06:46:07.658371Z L0 Info RtcAudioEngine AudioProcessingDefau:41 configure Voice Detection Voice detection enabled
...
2021-04-21 22:46:27.613 PST i: [g2mcomm] <LogicalPool.1> {Session 1 rpc::EPNeighbor[1]::} _disconnect: disconnecting from the remote host, current connectivity=3 and status=2

...

So I don't know exactly how it works, but I investigated and LogMeIn has Silent Session Monitoring features in some products. I'd appreciate it if you can help me find out if someone was spying on my computer using your products.
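Added example, not part of the original post and not GoTo's own tooling: a small Python triage script that reduces log lines in the layout excerpted above to a timeline of connect, disconnect and audio-engine events, and measures how long each connection stayed open. The regular expressions are derived only from the lines shown in the post, and the function names (`timeline`, `connection_windows`) are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Layout seen in the excerpt: timestamp, zone, level, [component], <thread>, message
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) \w+ \w: \[\w+\] <[^>]*> (.*)$")
CONNECT = re.compile(r"_connect: connecting to the remote host \[([\d.]+)\(([^)]+)\):([\d, ]+)\]")
MUTE = re.compile(r"Initialize (\w+): .*muted=(true|false)")

def timeline(lines):
    """Reduce raw log lines to (time, kind, detail) connection and audio events."""
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # elisions ("..."), blank lines, anything not in the layout
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        msg = m.group(2)
        if c := CONNECT.search(msg):
            ports = [int(p) for p in c.group(3).split(",")]
            events.append((ts, "connect", {"ip": c.group(1), "host": c.group(2), "ports": ports}))
        elif "_disconnect: disconnecting from the remote host" in msg:
            events.append((ts, "disconnect", {}))
        elif "RtcAudioEngine" in msg:
            mu = MUTE.search(msg)
            detail = {"processor": mu.group(1), "muted": mu.group(2) == "true"} if mu else {}
            events.append((ts, "audio", detail))
    return events

def connection_windows(events):
    """Pair each connect with the next disconnect; returns (host, seconds) tuples."""
    windows, open_conn = [], None
    for ts, kind, detail in events:
        if kind == "connect":
            open_conn = (ts, detail["host"])
        elif kind == "disconnect" and open_conn:
            windows.append((open_conn[1], round((ts - open_conn[0]).total_seconds(), 3)))
            open_conn = None
    return windows

# Sample input: lines copied from the excerpt in the post, not a full log.
SAMPLE = """
2021-04-21 22:46:07.603 PST i: [g2mcomm] <1120/IRpcManager.configure_0X460> {Session 1 rpc::EPNeighbor[1]::} _connect: connecting to the remote host [216.115.208.230(egwglobal.gotomeeting.com):8200, 80, 443]
....
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [60] 2021-04-22T06:46:07.658371Z L0 Flow RtcAudioEngine AudioSharingProcesso:121 AudioSharingProcessor Audio Sharing: SystemAudioProcessStreamWorker started.
2021-04-21 22:46:07.658 PST i: [g2mcomm] <1118> RTC: [61] 2021-04-22T06:46:07.658371Z L1 Info RtcAudioEngine WebRtcMutingProcesso:57 Initialize PostCaptureMuteProcessor: sampl_rate_hz=48000, num_channels=1, muted=false
2021-04-21 22:46:27.613 PST i: [g2mcomm] <LogicalPool.1> {Session 1 rpc::EPNeighbor[1]::} _disconnect: disconnecting from the remote host, current connectivity=3 and status=2
""".splitlines()

if __name__ == "__main__":
    print(*timeline(SAMPLE), connection_windows(timeline(SAMPLE)), sep="\n")
```

Run over the full saved log instead of the excerpt, this lists every connection window; a `connect` with no later `disconnect` is left unpaired and does not appear in the windows.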

 

 

 

1 REPLY 1
AshC
Retired GoTo Contributor

Re: Someone was spying my notebook? Help pls

@gtmxasker  GoToMeeting software does not have any ability to remotely access, control, or monitor desktop functions or files stored within.  Feel free to remove the software through your programs list as needed.  You also do not need to use the desktop software, if you prefer not to install anything there -- as we offer a compatible web app for an in-browser experience.


Ash is a member of the LastPass Community Care Team.
