Friend's PC being controlled remotely?



A friend asked me to look at his daughter's PC running Windows 10. He said there was something wrong with the mouse, that it "had a mind of its own". I went over, and when she let go of the mouse it just started moving all over the screen by itself. I looked to see if there was anything amiss and didn't see anything in the programs list under Control Panel, or in msconfig, BUT when I looked in the hidden icons in the taskbar there was an icon that said Remote Utilities, and when I clicked on it, it showed some IP address. When I clicked on exit Remote Utilities, the mouse all of a sudden stopped moving by itself. I then ran Malwarebytes, Hitman Pro, Malwarebytes AdwCleaner and Bitdefender, and just a few items were found (I think it was called Systweak). After running all of these programs and then restarting the PC, the Remote Utilities icon appeared again in the taskbar.

 

So, short of reformatting the hard drive, is there anything else I can do to get rid of this?


Even if any of those tools had found something... If you feel the box has been compromised to the level that they had remote control, and not just some junk typical malware/PUP, nuking it from orbit is prob your safest course of action.

It's the ONLY WAY to be SURE ;)


  • 1 month later...

Hello,


Your friend's daughter will want to change the passwords for all online sites that she visits (email, banking, shopping, etc.), as the credentials may have been harvested by the attacker.

 

Regards,

 

Aryeh Goretsky

 


  • 2 weeks later...
On 10/12/2019 at 4:57 AM, goretsky said:

Hello,


Your friend's daughter will want to change the passwords for all online sites that she visits (email, banking, shopping, etc.), as the credentials may have been harvested by the attacker.

 

Regards,

 

Aryeh Goretsky

 

Full OS reinstall + all you've mentioned above are the minimum required measures.


  • 3 weeks later...
4 minutes ago, Carter95 said:

Yeah, you are right, this tool is very destructive.

It can be very useful when used as intended.  For example, using it to help out friends and relatives without physically going to their house or forwarding ports on their routers for other tools.  Under normal circumstances there's an authentication process for enabling remote control, but like all things, it can be misused.

 

On the original topic, if you feel the machine has been compromised in this way, I would follow the advice others have given you thus far.  Change all of their passwords, back up any personal documents and format/reinstall, because you don't know what else could have been changed on the system.  Besides accessing files and passwords, they could have installed other types of malware elsewhere to perform other tasks.


Yes, for persistent malware that cannot be removed and a reasonable suspicion of compromised credentials (passwords to sites, email, banking, etc...) follow those steps.

 

First change all credentials, and do not use a password manager as the system is already compromised.

Second, nuke from orbit.

Edited by Director Fury

  • 2 weeks later...
On 11/12/2019 at 8:10 AM, Director Fury said:

Yes, for persistent malware that cannot be removed and a reasonable suspicion of compromised credentials (passwords to sites, email, banking, etc...) follow those steps.

 

First change all credentials, and do not use a password manager as the system is already compromised.

Second, nuke from orbit.

Just make sure you do not change all your credentials from that infected PC. Do it from somewhere else.
