somebody is watching my screen???

When using Secure Shopping I got pop-up message something like this: “This computer is connected with the other one and someone can see what you have on your screen… and something more”. When using option “Continue” - Comodo Secure Shopping is closing and I have to open once again the same shopping web page. After few seconds all starts again - the same message and whatever I choose from the two options - the page is closed and I can not continue shopping with Secure Shopping.
What is going on? Why such a message and what should I do?

Do you use a third party AV with internet filter? That may install a man in the middle with self signed certificate to look at https traffic.

No, I have only Comodo Internet Security

What web page is giving the alert? Can you post a screenshot of the alert you get?

I can’t replicate this message again. It was when I filled the text box during the shopping.
I was trying to login again and change something on the page but nothing happened.
Maybe the person who was watching me just left.
Could it be possible that someone from local network can see my screen when I am after router and firewall with hidden ports?
No I rather don’t believe in that.
I will check the Secure Shopping with a few other https pages and will see if someone still is watching me or not.
Without this messages and Secure Shopping I slept peacefully.

Ok, I have the message again when openning CSS.

“Remote connection detected
CSS can not work now because some other computer has made a remote connection to this computer. Your screen can be viewed by other people. If you trust this connection, press “continue” to resume the safe environment. However, we strongly recommend that you terminate this remote connection to continue operating in Comodo”
Please wait 85 sek…
And after that CSS works fine.

check log %ProgramData%\COMODO\CSS\verbose.log and check registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ComodoGroup\CSS\remote to see what is causing the remote access alert.

I have checked the log and have found something I have never expected:
“RemoteDetected c:\program files\keyscrambler\keyscrambler.exe”
I am using this application from years with Firefox.
Should I uninstall this application?

if it is this program , then I could not detect any harmful behavior !!! The download page is signed by Comodo and the installation file is also signed by GlobalSign !

Please , can you post the SHA 1 from your “keyscrambler.exe” ? And if possible , can you tell me the IP where the remote connection is established ?

You can also upload the “keyscrambler.exe” to any one-click - file hoster and send me the link with a PM ?! So it would be easiest for me ! :wink:

Thx … !!!

Secure Shopping responds to Keyscrambler. I assume Keyscrambler intercepts the keyboard and that’s what is being flagged. If you trust Keyscrambler and the source you downloaded it from there is no reason to worry. If you want to go the extra mile checking Keybscrambler you can check the signature of the installer.

Thanks a lot for some good news.
Finally on my first move I uninstalled Keyscrambler to get rid off with pop-up message and now I have no problem with CSS.
Next I have checked the instalation version of Keyscrambler and it was very old version signed by qfxsoftware.
I did a regular update but the last version I have was and after pressing check update I always got info - There is no new update available, but now I knew that there is a new v 3.11.

For me the problem is solved and we can close this topic.
Once again many thanks for info about log and registry check - I should start from this point if I knew that.
pio - I haven’t SHA 1 for instalation file (1284KB) but if you still want it I can send you.