unauthorized remote access, how do I find the program & then stop it?


  1. Posts : 6
    windows 10 v1903
       #1


    Hi guys, a friend of mine recently let a guy into her system from 'Microsoft' (yeah I know, I've told her many times!). Anyway, he's obviously installed something so he can log on and do what he likes (she thought it was TeamViewer but I can't find any reference to that). I have AnyDesk on so I can help her.
    He locked her out of her account but I sorted that. I've run the proprietary virus scanners both online and offline, and removed a few bits, but nothing that would allow login. I've checked the event security logs and found when he got in, but so far I haven't come across the program/culprit. Is there a better/easier way to do this, or a program to help?
    I've run a network scanner/task manager in case he logged in again and I could see what's happening, but that's not happened. She has Windows 10 Home v1903.
    Any advice appreciated.
    Last edited by shawie60; 27 Sep 2019 at 06:28.


  2. Posts : 6,967
    windows 10
       #2

    Welcome to the forum. The best advice in these cases is to do a clean install; it's the only way to be sure it's safe. What he installed could show in the Task Manager Startup tab, or it could be a service or even a task. The danger is it's monitoring the system for bank details and sending them to the hacker; it may not show up in virus scans. It may show an active connection on the network.
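The places post #2 lists (startup entries, services, scheduled tasks, active network connections) can be inventoried in one pass. The PowerShell below is an added example, not part of any post in this thread; the tool names in `$Pattern` are an illustrative assumption, and it should be run from an elevated prompt.

```powershell
# Added example: list the persistence points and live connections named in post #2.
# $Pattern is an illustrative, non-exhaustive list of remote-access tool names (assumption).
$Pattern = 'teamviewer|anydesk|vnc|logmein|screenconnect'

# 1. Startup entries (Run keys and Startup folders), as seen in Task Manager's Startup tab
$startup = Get-CimInstance Win32_StartupCommand |
    Select-Object @{n='Source';e={'Startup'}}, Name, @{n='Detail';e={$_.Command}}

# 2. Services whose binary is outside C:\Windows (where most third-party services live)
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '^"?C:\\Windows\\' } |
    Select-Object @{n='Source';e={"Service ($($_.State), $($_.StartMode))"}},
                  Name, @{n='Detail';e={$_.PathName}}

# 3. Scheduled tasks outside the built-in \Microsoft\ folder that launch an executable
$tasks = Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $t = $_
        $t.Actions | Where-Object { $_.Execute } | ForEach-Object {
            [pscustomobject]@{
                Source = "Task ($($t.State))"
                Name   = $t.TaskPath + $t.TaskName
                Detail = "$($_.Execute) $($_.Arguments)"
            }
        }
    }

# 4. Established TCP connections to non-loopback addresses, with the owning process
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Source = 'Connection'
            Name   = "$($p.ProcessName) (PID $($_.OwningProcess))"
            Detail = "$($_.RemoteAddress):$($_.RemotePort) $($p.Path)"
        }
    }

# Combine everything and mark rows whose name or path matches $Pattern
@($startup) + @($services) + @($tasks) + @($conns) |
    Select-Object Source, Name, Detail,
        @{n='Flag';e={ if ("$($_.Name) $($_.Detail)" -match $Pattern) { 'REVIEW' } else { '' } }} |
    Sort-Object Flag -Descending |
    Format-Table -AutoSize -Wrap
```

Unflagged rows still deserve a read, since an installer can use any name or path, including one under C:\Windows that the service filter skips. An empty result does not show the machine is clean.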


  3. Posts : 5,200
    Windows 11 Home
       #3

    I would check it out, but I guess the last thing she wants, would be another stranger poking around her PC.

    For starters install a real firewall, like Comodo or Zone Alarm, both are free.

    Glasswire has a great GUI of connections, but the free version does not block outbound; still good for logging.


  4. Posts : 4,546
    Windows 11 Pro 64-bit
       #4

    A remote access Trojan (RAT) is a malware program that includes a back door for administrative control over the target computer.

    Malwarebytes' scanner
    If this program is already installed: Skip the installation and run only the scan!
    Download and install: Please download Malwarebytes' scanner to your desktop.

    • Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
    • Click Finish.
    • On the Dashboard, click the 'Check for Updates' button.
    • After the update completes, click the 'Scan Now' button.
    • A Threat Scan will begin. Please allow it to progress through the scanning process.
    • When the scan is complete, if there have been detections, click the Quarantine Selected button to allow the program to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    How to get logs: (Export log to save as txt)

    • After the restart once you are back at your desktop, open Malwarebytes once more.
    • Click on the Reports tab > Scan Report. (If you have done more than one scan in the past, select the most recent one that shows the date and time of the scan just performed.) Press the View Report button.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Find the log on your Desktop and Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)


  5. Posts : 6
    windows 10 v1903
    Thread Starter
       #5

    Thanks for the input. She has Malwarebytes on her system (paid version) and that found nothing. The only thing to find anything interesting was the Kaspersky rescue CD. That produced a Trojan.Multi.BroSubsc.gen fileless object, which is new to me; however, it couldn't remove it. Decided to wipe the drive and reinstall to be safe.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
