My computer was being remotely controlled by someone. Can find no viruses

  • Walking back to my computer (Windows 10), I noticed that my browser's history tab had just opened without me touching it and I thought I saw my cursor moving around. I had no control over my mouse until I ctrl-alt-deleted.

    When I came back I had multiple new tabs open to things like ps4 digital game cards bought under my account and confirmation emails saying I just had bought a few hundred dollars worth of them. I also had a confirmation email about an account created with my email on "gameflip.com". I've never even heard of this website but it looks like it's a place where you can sell stuff. My credit card company sent me an email detecting fraudulent charges and I dealt with that so I think I'm good on that end. Also, changed my passwords and all that jazz.

    The problem is that I can't figure out how they did this. I've scanned my computer with Windows Defender, Malwarebytes, and Malwarebytes Anti-Rootkit. I also ran Malwarebytes in safe mode as well but they all found absolutely nothing.

    Someone suggested I go to grc.com and run a scan to see if I had any open ports, but they were all in stealth mode except 21 which was in closed status. I'm not super tech savvy so I'm not sure if that means anything but as far as I can tell, "closed" shouldn't really be bad right?

    If someone had just figured out my credit card number and passwords then whatever, that's easily solved, but how do I stop them from just taking control of my computer again?

    "_If someone had just figured out my credit card number_" In case of doubt change all passwords. Strong password policy is a must and in different services you should always use different passwords. If somehow your facebook account credentials were sold, you don't want them to use that password to enter your email for example.

  • There are a large number of remote control utilities.

    VNC is just one of them.

    Virtual Network Computing is open source so anyone can copy the source and include it as the payload of a trojan that they arrange to have installed on your computer.

    Anti Virus software is not necessarily going to see everything. Something that is new or something that is a one off that is created for one job will not have made it into your anti-virus signature files as yet.

    Also, anti-virus software is not going to see the VNC part of the software as a problem.

    If someone tricks you into installing some software that included this then they would be able to access your computer at any time.

    Closing unused ports is always a good idea, but a trojan will probably be using a commonly used port like port 80 which is used for web browsers and web servers or will search for an unused port that is open. A Trojan that is well written could also only respond on a particular port under certain set conditions to prevent their being found.

    If an attacker has had enough time to take over your PC and has made a variety of purchases through your web browser using your credit card details and processed confirmation emails, then they have had enough access and time to totally compromise your computer.

    I would think that there is no effective method of cleaning this up short of copying all data to a secure external drive, wiping the hard drive and any connected data storage, including cloud storage that may contain reinfection software, and reinstalling everything from scratch.

    Make sure that any access to the backup drive containing all of your data is done in such a manner that you do not risk reinfection.

    You will also need to update passwords on any accounts the attacker had access to and replace all of your credit cards.
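
An added example, not part of either post above: an outside port scan like the grc.com one only shows inbound exposure, and the answer points out that a trojan may sit on port 80 or only talk under certain conditions, so the useful view is which process owns each socket. The script below reviews `netstat -ano` and `tasklist /fo csv /nh` output; the sample data, the `helper.exe` name and the `EXPECTED` baseline are constructed assumptions.

```python
import csv, io
# Constructed sample of `netstat -ano` output (not data from the post above).
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3020
  TCP    192.168.1.20:49712     203.0.113.45:80        ESTABLISHED     4312
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     7788
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    3020
"""
# Constructed sample of `tasklist /fo csv /nh` output; helper.exe is a made-up name.
TASKLIST = '''
"System","4","Services","0","144 K"
"mDNSResponder.exe","3020","Services","0","5,120 K"
"helper.exe","4312","Console","1","21,004 K"
"firefox.exe","7788","Console","1","310,220 K"
'''
# Assumption: the programs this user expects to see on the network (a baseline).
EXPECTED = {"system", "firefox.exe"}
VNC_PORTS = {5800, 5900}            # default VNC HTTP and RFB ports
LOOPBACK = {"127.0.0.1", "[::1]"}   # listeners here are not reachable remotely

def pid_names(tasklist_csv):
    # Map PID -> image name; csv handles the quoted "9,432 K" style memory field.
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}

def review(netstat_text, tasklist_csv, expected=EXPECTED):
    """Return (name, pid, local, remote, reasons) for sockets worth a closer look."""
    names, findings = pid_names(tasklist_csv), []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue                # headers and UDP rows (UDP has no state column)
        local, remote, state, pid = f[1], f[2], f[3], int(f[4])
        name, reasons = names.get(pid, "<unknown>"), []
        known = name.lower() in expected
        lhost, _, lport = local.rpartition(":")   # rpartition also handles [::]:445
        if state == "LISTENING" and lhost not in LOOPBACK:
            if int(lport) in VNC_PORTS:
                reasons.append("listener on default VNC port")
            if not known:
                reasons.append("reachable listener owned by unexpected process")
        elif state == "ESTABLISHED" and not known and int(remote.rpartition(":")[2]) in (80, 443):
            reasons.append("outbound web-port connection from unexpected process")
        if reasons:
            findings.append((name, pid, local, remote, reasons))
    return findings
if __name__ == "__main__":
    print(*review(NETSTAT, TASKLIST), sep="\n")
```

A flagged socket is a lead to check (file location, signature, install date), not proof of compromise, and on a machine that is already compromised the tool output itself may not be trustworthy.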

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM