Hacked


  1. Posts : 2
    Windows 10
       #1

    Hacked


    A friend of mine fell for the let me on your computer scam you have a virus.... So now I am trying to do damage control. Through the windows password manager it showed they had accessed approximately 93 passwords and 5 files. What I am trying to determine is if they copied any files off of the computer since there was a lot of sensitive data that was not encrypted. Everywhere I have looked it shows that there is no way of telling if a computer not on a network had files copied off of it. I have looked at different types of software but unless they were installed prior to the attack then no information can be obtained. Any advice?
      My Computer

  2. Steve C's Avatar
    Posts : 5,238
    Windows 10 Pro 64 bit
       #2

    Which password manager?
      My Computers

  3. swarfega's Avatar
    Posts : 6,365
    Windows 10 Pro 64-bit
       #3

    In situations like this I would strongly consider backing up your files and formatting the computer. The person should also change their passwords.
      My Computers

  4.   My Computer


  5. Posts : 1,093
    Windows 7
       #5

    I too would recommend backing up data ( of course this should have been done previously) and reinstalling the OS. Removing an infection can be very difficult (even for an expert) and you can never be sure you have been fully successful. Decades ago it was said that once the security of a computer was compromised it tends to stay that way. I believe that is even more true today.

    Determining if any files were copied is likely not possible. Windows has file and folder logging but it is not enabled by default. It needs to be carefully configured for your situation if it is to be both effective and not seriously impair performance. Third party software is also useful but it needs to be installed prior to the incident.
      My Computer


  6. Posts : 2
    Windows 10
    Thread Starter
       #6

    Yes, I plan on reformatting the computer. Hopefully the hackers were dumb enough just to use the tool and not smart enough to dig for sensitive data.
      My Computer


  7. EdTittel's Avatar
    Posts : 3,750
    Windows 10
       #7

    Hey! @TairikuOkami: LasActivityView is an absolutely fascinating NirSoft utility. Never ran it before seeing you mention it right now. Great stuff and thanks for sharing!
    --Ed--
    Hacked-image.png
      My Computers

  8. simrick's Avatar
    Posts : 15,914
    W10Prox64
       #8

    newbie12345 said:
    A friend of mine fell for the let me on your computer scam you have a virus.... So now I am trying to do damage control. Through the windows password manager it showed they had accessed approximately 93 passwords and 5 files. What I am trying to determine is if they copied any files off of the computer since there was a lot of sensitive data that was not encrypted. Everywhere I have looked it shows that there is no way of telling if a computer not on a network had files copied off of it. I have looked at different types of software but unless they were installed prior to the attack then no information can be obtained. Any advice?
    Hi.
    If the scammers were given access to the computer, then you have to assume everything was compromised. The operating system should be "clean installed" after backing up all data.
      My Computer


 

Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:25.
Find Us




Windows 10 Forums