Friend's PC being controlled remotely?

cosrocket    4

A friend asked me to look at his daughter's PC running Windows 10; he said there was something wrong with the mouse, that it "had a mind of its own". I went over, and when she let go of the mouse it just started moving all over the screen by itself. I looked to see if there was anything amiss and didn't see anything in the programs list under Control Panel, or in msconfig, BUT when I looked in the hidden icons in the taskbar there was an icon that said Remote Utilities, and when I clicked on it, it showed some IP address. When I clicked on exit Remote Utilities the mouse all of a sudden stopped moving by itself. I then ran Malwarebytes, Hitman Pro, Malwarebytes AdwCleaner and Bitdefender, and just a few items were found (I think it was called systweak). After running all of these programs and then restarting the PC, the Remote Utilities icon appeared again in the taskbar.

 

So short of reformatting the hard drive is there anything else I can do to get rid of this?  

  • Sad 1

+BudMan    3,544

Even if any of those tools had found something... If you feel the box has been compromised to the level that they had remote control, and not just some junk typical malware/pup

 

Nuking it from Orbit is prob your safest course of action.

 

It's the ONLY WAY to be SURE ;)

  • Like 3

JakeBlaz    0

TeamViewer is a popular remote software used by hackers.

 

  • Facepalm 2

goretsky    1,054

Hello,


Your friend's daughter will want to change the passwords for all online sites that she visits (email, banking, shopping, etc.), as the credentials may have been harvested by the attacker.

 

Regards,

 

Aryeh Goretsky

 

escapefrom3dom    0
On 10/12/2019 at 4:57 AM, goretsky said:

Hello,


Your friend's daughter will want to change the passwords for all online sites that she visits (email, banking, shopping, etc.), as the credentials may have been harvested by the attacker.

 

Regards,

 

Aryeh Goretsky

 

Full OS reinstall + all you've mentioned above are the minimum required measures.

Gerowen    1,240
4 minutes ago, Carter95 said:

Yeah, you are right, this tool is very destructive.

It can be very useful when used as intended.  For example, using it to help out friends and relatives without physically going to their house or forwarding ports on their routers for other tools.  Under normal circumstances there's an authentication process for enabling remote control, but like all things, it can be misused.

 

On the original topic, if you feel the machine has been compromised in this way, I would follow the advice others have given you thus far.  Change all of their passwords, back up any personal documents and format/reinstall, because you don't know what else could have been changed on the system.  Besides accessing files and passwords, they could have installed other types of malware elsewhere to perform other tasks.

  • Like 1

andresim    0
On 11/8/2019 at 11:22 AM, Gerowen said:

  Besides accessing files and passwords, they could have installed other types of malware elsewhere to perform other tasks.

A terrible guy.

Director Fury    8

Yes, for persistent malware that cannot be removed and a reasonable suspicion of compromised credentials (passwords to sites, email, banking, etc...) follow those steps.

 

First change all credentials, and do not use a password manager as the system is already compromised.

Second, nuke from orbit.
