cosrocket Posted September 6, 2019
A friend asked me to look at his daughter's PC running Windows 10, he said there was something wrong with the mouse, that it "had a mind of its own". I go over and when she let go of the mouse it just started moving all over the screen by itself. I looked to see if there was anything amiss and didn't see anything in the programs list under Control Panel, or in msconfig, BUT when I looked in the hidden icons in the taskbar there was an icon that said Remote Utilities and when I clicked on it, it showed some IP address. When I clicked on exit Remote Utilities the mouse all of a sudden stopped moving by itself. I then ran Malwarebytes, Hitman Pro, Malwarebytes AdwCleaner and Bitdefender and just a few items were found (I think it was called systweak). After running all of these programs and then restarting the PC the Remote Utilities icon appeared again in the taskbar. So short of reformatting the hard drive is there anything else I can do to get rid of this?
+BudMan (MVC) Posted September 6, 2019
Even if any of those tools had found something... If you feel the box has been compromised to the level that they had remote control, and not just some junk typical malware/PUP, nuking it from orbit is prob your safest course of action. It's the ONLY WAY to be SURE
JakeBlaz Posted October 11, 2019
TeamViewer is a popular remote software used by hackers.
goretsky (Supervisor) Posted October 12, 2019
Hello,
Your friend's daughter will want to change the passwords for all online sites that she visits (email, banking, shopping, etc.), as the credentials may have been harvested by the attacker.
Regards,
Aryeh Goretsky
escapefrom3dom Posted October 23, 2019
On 10/12/2019 at 4:57 AM, goretsky said: Hello, Your friend's daughter will want to change the passwords for all online sites that she visits (email, banking, shopping, etc.), as the credentials may have been harvested by the attacker. Regards, Aryeh Goretsky

Full OS reinstall + all you've mentioned above are the minimum required measures.
Gerowen Posted November 8, 2019
4 minutes ago, Carter95 said: Yeah, you are right, this tool is very destructive.

It can be very useful when used as intended. For example, using it to help out friends and relatives without physically going to their house or forwarding ports on their routers for other tools. Under normal circumstances there's an authentication process for enabling remote control, but like all things, it can be misused.

On the original topic, if you feel the machine has been compromised in this way, I would follow the advice others have given you thus far. Change all of their passwords, back up any personal documents and format/reinstall, because you don't know what else could have been changed on the system. Besides accessing files and passwords, they could have installed other types of malware elsewhere to perform other tasks.
Director Fury Posted November 12, 2019 (edited)
Yes, for persistent malware that cannot be removed and a reasonable suspicion of compromised credentials (passwords to sites, email, banking, etc.), follow those steps. First change all credentials, and do not use a password manager as the system is already compromised. Second, nuke from orbit.
Odom (Member) Posted November 22, 2019
On 11/12/2019 at 8:10 AM, Director Fury said: Yes, for persistent malware that cannot be removed and a reasonable suspicion of compromised credentials (passwords to sites, email, banking, etc...) follow those steps. First change all credentials, and do not use a password manager as the system is already compromised. Second, nuke from orbit.

Just make sure you do not change all your credentials from that infected PC. Do it from somewhere else.