A little Computer Help Please

AJUMP23

Tech Gaf,

I got a call from my wife saying she was watching the mouse move on the computer and opening bank accounts and investment accounts in the browser. She was not touching the PC. She thought I had remote desktop in to the PC, but that is impossible on my work machine.

What tools would you recommend I run to find the malicious remote desktop SW? I also had her turn off the PC for now.

Any suggestions appreciated, jokes welcome too.
 
Tech Gaf,

I got a call from my wife saying she was watching the mouse move on the computer and opening bank accounts and investment accounts in the browser. She was not touching the PC. She thought I had remote desktop in to the PC, but that is impossible on my work machine.

What tools would you recommend I run to find the malicious remote desktop SW? I also had her turn off the PC for now.

Any suggestions appreciated, jokes welcome too.
I told you to let me hold $5 🤷🏽
 
Hope you changed every password ever used on that PC

Malware bytes

I will, but I also have 2 factor on everything, so that will help prevent any malicious access.

Malwarebytes was my first go to. MS has a malicious software removal tool as well.
 
I would rebuild/reimage my PC. Sorry bud, taking no chances with that shit with online banking etc.
I can do that as most of the data is on other drives and just my OS is on a NVME.

Maybe I could buy a new NVME and then use it. and Clean the old one.
 
I second Malwarebytes. However, if my machine was compromised like that, I would do a wholesale format and reinstall. I wouldn't trust anything.
 
What tools would you recommend
the-simpsons-throw.gif
 
Is it a laptop? Could have spilled or got something greasy on the touchpad. Windows Defender has always worked fine for me though. Maybe update it and do an offline scan in Windows Security -> Virus & threat protection -> Scan options
 
Also check the running processes, in case there's an exe eating up CPU. A long time ago I had a virus that hijacked my PC, running the CPU at 100% for bit mining. My computer was bit mining for someone.
 
To do that someone is remote controlling your PC so there is both control software installed and a network path for them open to reach that software.

Take off and nuke the site from orbit; it's the only way to be sure
 
HitmanPro and Emsisoft Emergency scan.
They should detect and eliminate the malware.

A format and reinstall is not a bad idea.
But make sure that other drives are cleaned up.
 
Malwarebytes, MS Malicious Software Removal Tool, HitmanPro, run them all, safe mode/on boot if possible, then when that's done 'immunise' the browsers with something like Spybot.
 
That sounds scary.

Lots of suggestions, but the first thing I would do is try booting into Safe Mode without internet enabled to do an offline scan and see if that can help kickstart things.

You could also do some scanning from within Linux using a bootable image as another way to safely deal with the threat.

Or, to skip Linux, bootable virus checkers like Dr.Web LiveDisk.
 
BTW, considering that your PC was compromised, start changing passwords on sites you use.
They might have stolen some passwords or login cookies.
 
I'll preface this with the fact I manage 40k endpoints for a living. I'd advise a full re-image of the OS after formatting the drive, to be honest. You can DL the Windows ISO direct from MS or DL Rufus, which will DL the ISO and format a USB for you to use to install off of. You really can't trust what is left/missed by free tools such as Malwarebytes.
As others have said, change ALL your passwords and enable MFA, and def check your accounts. Might also be a good idea to run a credit report in case they really went full retard.
You can also look into disabling RDP port 3389 via your modem's firewall settings if you know you'd never need it.
 
Yup, unplugged from the internet, reformat the drive, create a fresh partition, reinstall Windows, and stop clicking on sketchy stuff. Hopefully there is nothing of importance on the PC otherwise you'd need to back them up first and risk being compromised again if any of that important stuff happens to be executables.
 
How do they open bank accounts? Doesn't your bank have secure logins?
They tried to log in. But there is 2 factor on them. So I can see from the history once I got home that they tried to access 2 bank accounts and an investment and 1 credit card.

I ran some tools and found some stuff to remove. Going to reimage the system though when I get a free minute.
 
Same happened to me since I renamed my bank account "Lunch box" and logged into GAF.

On a serious note: New install. I just reformatted my daughter's Android tablet as ads were playing full screen all the time, and restricted the access to the Play Store, Chrome and Settings.
 
Make sure you check/delete your boot sectors; lots of viruses hide there and will survive a wipe and reload. Once you have a clean install up and running with all drivers and updates installed, you can use something like Reflect to back it up, making any future reloads trivial.
 
Change any/all passwords as required.

Update (use another device to get the latest definitions) and run Defender and Malwarebytes whilst offline.

Look in typical known locations such as Temp, My Docs etc. for new & unknown downloads; upload these to VirusTotal.com if you find any.

Reconnect & run Procmon, and monitor any external connections. Also run Wireshark and have it capture the traffic if you see anything unusual, and discover the associated exe performing the connections (upload to VirusTotal). Then analyse that traffic from the created pcap. Use OSINT to determine who the connections belong to.

Or... If you've no interest in doing some cyber sleuthing, just reformat.
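The "watch external connections and get the exe to VirusTotal" step above, written out as an added example (this is not the poster's code): it snapshots every established TCP connection to a non-private address, records the owning executable, its Authenticode status and its SHA-256, and saves the list as a CSV beside whatever pcap you capture in Wireshark. Searching VirusTotal by hash avoids uploading the file itself. `Test-PrivateAddress` is a helper written for this example, and the private-range regex is an assumption that fits a typical home LAN. Run from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: snapshot active outbound TCP connections,
# skip private/loopback peers, and hash the owning executable so the SHA-256
# can be searched on VirusTotal without uploading the binary.

function Test-PrivateAddress {
  param([string]$Ip)
  # RFC 1918, loopback and link-local prefixes (assumed sufficient for a home LAN)
  return ($Ip -match '^(10\.|127\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|::1$|fe80:)')
}

$report = Get-NetTCPConnection -State Established |
  Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
  ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    $hash = $null
    if ($proc -and $proc.Path -and (Test-Path $proc.Path)) {
      $hash = (Get-FileHash -Path $proc.Path -Algorithm SHA256).Hash
    }
    [pscustomobject]@{
      Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
      Process = $proc.ProcessName
      Path    = $proc.Path
      # Unsigned or invalid signatures on a process talking to the internet deserve a closer look
      Signed  = if ($proc.Path) { (Get-AuthenticodeSignature $proc.Path).Status } else { $null }
      SHA256  = $hash
    }
  }

$report | Sort-Object Remote | Format-Table -AutoSize

# Timestamped copy to correlate with the Wireshark pcap later
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\connections-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
```

Run it a few times over a couple of minutes rather than once; remote-control tooling often keeps a single long-lived session open, which shows up as the same remote address and the same process across every snapshot.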
 
Tech Gaf,

I got a call from my wife saying she was watching the mouse move on the computer and opening bank accounts and investment accounts in the browser. She was not touching the PC. She thought I had remote desktop in to the PC, but that is impossible on my work machine.

What tools would you recommend I run to find the malicious remote desktop SW? I also had her turn off the PC for now.

Any suggestions appreciated, jokes welcome too.
Work machine!? This sounds like your IT dept using ConnectWise, LogMeIn, TeamViewer or Remote Desktop. There are a slew of software packages that perform this task. I would contact HR immediately and let them know this was occurring. In the meantime, disconnect the PC from the internet or simply shut it off. If it's not from your IT dept, then I would still contact HR and let them know what's going on.

Change all your passwords from your phone. Do not use the PC as it is compromised. Also, why the fuck are you using a work PC for your personal use?
 
Work machine!? This sounds like your IT dept using ConnectWise, LogMeIn, TeamViewer or Remote Desktop. There are a slew of software packages that perform this task. I would contact HR immediately and let them know this was occurring. In the meantime, disconnect the PC from the internet or simply shut it off. If it's not from your IT dept, then I would still contact HR and let them know what's going on.

Change all your passwords from your phone. Do not use the PC as it is compromised. Also, why the fuck are you using a work PC for your personal use?
I second this but OP made it cryptic. I assumed OP meant he can't use remote clients from his work machine to his home machine and I assumed the home machine was doing the weird stuff.
 
This happened to me earlier this year. Basically ALL of my passwords were compromised, even my 2-factor on some services.

Long story short, I changed all of my passwords and I reformatted that machine. It was a headache for about 2 days, but after that I was in the clear.
 
Work machine!? This sounds like your IT dept using ConnectWise, LogMeIn, TeamViewer or Remote Desktop. There are a slew of software packages that perform this task. I would contact HR immediately and let them know this was occurring. In the meantime, disconnect the PC from the internet or simply shut it off. If it's not from your IT dept, then I would still contact HR and let them know what's going on.

Change all your passwords from your phone. Do not use the PC as it is compromised. Also, why the fuck are you using a work PC for your personal use?
I second this but OP made it cryptic. I assumed OP meant he can't use remote clients from his work machine to his home machine and I assumed the home machine was doing the weird stuff.

This is my HOME PC. My work machine is so locked down I cannot do anything with it. Sorry for the confusion.
 
This is my HOME PC. My work machine is so locked down I cannot do anything with it. Sorry for the confusion.
Then yeah, I would pull the HDD out of it and use a USB caddy or something to pull off all the files you need, staying away from any executable type files (pictures, documents, basically what you want), and then do a format and Windows install. Don't try to clean the virus off of it.
 
Dude can barely handle a PC. Linux is not the answer.
I can handle a PC. I have built all my PCs. I was just wanting some insight because I know there are people better than me at PCs. But I can reimage a drive and do all that stuff.

What I don't know is where the Trojan came from.
 
AJUMP23, I would disconnect from the internet completely, run a scan on your computer and check browser history, firewall and sys logs for internet activity, inbound connections or RDP protocols used. Using Defender is fine; don't introduce other bullshit to scan. Also review any software or services installed (i.e. task manager) that you don't recognize.

If you aren't comfortable doing any of that, take the files you need from the machine and reimage the device.

You can also look into certified 3rd parties to perform review and forensics. Your company's IT Security team can offer potential recommendations.

Change all passwords and enable 2fa on everything.

PM me for any additional questions.
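The checks this post and the earlier replies describe (inbound connections and RDP, unrecognized software and services, an exe sitting in the process list, whether port 3389 is even in play) as one read-only triage script. This is an added example, not code from anyone in the thread. It assumes an elevated PowerShell prompt on the disconnected PC; the port-to-tool table is a small assumed list, not a complete inventory of remote-access products. Nothing here changes the system, so it is safe to run before the reimage everyone is recommending, and the output is worth keeping for whoever looks at the machine afterwards.

```powershell
# Added example, not from the thread: read-only triage of a Windows PC after
# suspected remote control. Run elevated, with the network cable pulled.

# Ports commonly bound by remote-access tooling (assumed list, not exhaustive)
$remoteAccessPorts = @{ 3389 = 'RDP'; 5900 = 'VNC'; 5938 = 'TeamViewer' }

# 1. Is Remote Desktop enabled at all? fDenyTSConnections 0 = allowed, 1 = denied.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
"RDP connections allowed: $($ts.fDenyTSConnections -eq 0)"

# 2. Every listening TCP port with the executable that owns it.
Get-NetTCPConnection -State Listen |
  ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
      Port    = $_.LocalPort
      Process = $p.ProcessName
      Path    = $p.Path
      Known   = $remoteAccessPorts[[int]$_.LocalPort]   # cast: hashtable keys are Int32
    }
  } | Sort-Object Port | Format-Table -AutoSize

# 3. Successful remote-interactive logons in the last 30 days
#    (event 4624, logon type 10 = RDP-style session; property indexes are the
#    standard 4624 layout: 5 = user, 8 = logon type, 18 = source address).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddDays(-30) } -ErrorAction SilentlyContinue |
  Where-Object { $_.Properties[8].Value -eq 10 } |
  Select-Object TimeCreated,
                @{ n = 'User';     e = { $_.Properties[5].Value } },
                @{ n = 'SourceIP'; e = { $_.Properties[18].Value } } |
  Format-Table -AutoSize

# 4. Autostart entries and scheduled tasks outside the Microsoft folder.
'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' |
  ForEach-Object { Get-ItemProperty $_ -ErrorAction SilentlyContinue | Select-Object * -ExcludeProperty PS* }

Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
  Select-Object TaskName, TaskPath, State, @{ n = 'Action'; e = { $_.Actions.Execute -join ' ' } } |
  Format-Table -AutoSize

# 5. Services whose binary lives outside the Windows directory.
Get-CimInstance Win32_Service |
  Where-Object { $_.PathName -and $_.PathName -notlike '*\Windows\*' } |
  Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

# 6. Processes by CPU time, top of the list first (the "exe eating up CPU" check).
Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 Name, Id, CPU, Path | Format-Table -AutoSize
```

Legitimate remote-support tools show up here too (a signed TeamViewer install listening on 5938 is not by itself evidence of anything), so the useful signal is the combination: a listener or service with a path under a user profile or Temp, a scheduled task or Run entry you did not create, and logon-type-10 events from an address you do not recognize. Redirect the whole thing to a file (`.\triage.ps1 *> triage.txt`) so the record survives the reinstall.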
 
Your router could be infected if it's old, belongs to the ISP, or is a Linksys. I would replace it if the DNS is changing on its own. Check the DNS settings in the router and make sure it's set to auto or 8.8.8.8, 1.1.1.1, etc. Android apps can have malware that can infect the router, so that's another thing to look at too; uninstall any weird non-Play Store apps like free movie apps. I'm a network engineer and I've seen this occur in customer routers.
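A quick way to see the router-side DNS change from the PC, as an added example (not the poster's code): list the resolvers each adapter actually received from the router, flag any that are not on a list you trust, and compare how the system resolver and a known public resolver answer for one domain. The trusted list and the `example.com` placeholder are assumptions; put the router's own LAN address, your ISP's resolvers, or the public ones the post names in the list, and the site you care about in `$domain`.

```powershell
# Added example, not from the thread: spot a hijacked DNS setting from the client side.
# Trusted resolvers are an assumption for this example; edit to match your own network.
$trusted = @('8.8.8.8', '8.8.4.4', '1.1.1.1', '1.0.0.1', '192.168.1.1')

# Resolvers handed out per adapter. Anything not in $trusted is worth checking on the router.
Get-DnsClientServerAddress -AddressFamily IPv4 |
  Where-Object { $_.ServerAddresses.Count -gt 0 } |
  ForEach-Object {
    foreach ($srv in $_.ServerAddresses) {   # $_ is still the adapter here; foreach does not rebind it
      [pscustomobject]@{
        Adapter = $_.InterfaceAlias
        DNS     = $srv
        Trusted = ($trusted -contains $srv)
      }
    }
  } | Format-Table -AutoSize

# Compare answers for one domain from the system resolver and from a public resolver.
# CDN-fronted sites can legitimately differ, so treat a mismatch as a prompt to look, not proof.
$domain    = 'example.com'   # placeholder, substitute the site you care about
$viaSystem = (Resolve-DnsName $domain -Type A -ErrorAction SilentlyContinue).IPAddress
$viaPublic = (Resolve-DnsName $domain -Type A -Server 1.1.1.1 -ErrorAction SilentlyContinue).IPAddress
"system resolver : $($viaSystem -join ', ')"
"1.1.1.1 resolver: $($viaPublic -join ', ')"
```

If the adapter shows a resolver you never configured, the fix is on the router (reset its DNS to automatic or to the addresses above, change its admin password, update or replace it), since the PC will simply pick the bad value up again on the next DHCP lease.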
 
Your router could be infected if it's old, belongs to the ISP, or is a Linksys. I would replace it if the DNS is changing on its own. Check the DNS settings in the router and make sure it's set to auto or 8.8.8.8, 1.1.1.1, etc. Android apps can have malware that can infect the router, so that's another thing to look at too; uninstall any weird non-Play Store apps like free movie apps. I'm a network engineer and I've seen this occur in customer routers.

I have a UMD Dream Machine and my ATT router. I wonder what firewall rules got exported by the Trojan. But I need to rebuild Windows.
 
I'd have a stroke and a heart attack if this happened to me.
Many years ago I got a rootkit malware from downloading some Bluetooth software that was supposed to be legit, but the site got hacked to change the download. I installed it and it looked normal until I started getting popups from Windows Defender (which in and of itself couldn't remove it), and then I ran Malwarebytes, which took care of that. Scared the crap outta me though, as I had never even had true malware/a virus before that (adware at most). I had dreams for weeks that what happened to OP happened to me. Still a big fear of mine when I download something that's a bit shady.

OP, you said you had extra drives connected? Those drives might be contaminated as well. It might've copied itself to those and will reactivate when Windows sets up again with them connected. I'd transfer all that stuff by hand from those drives and only make sure to transfer what you know. Then wipe 'em.
 
Sounds like a great story to explain the missing thousands that she has been spending on designer shoes and handbags.
 
Who has been on that pc? A "friend" I allowed to use my computer, a few years ago, dropped a backdoor on it so he was able to remote access in later.
 
Burn the whole PC.

At least I would format the fuck out of it. And don't download cracked shit, including Windows.
 