1

Twice now I have left my home laptop active and logged in on my desk to return and find the mouse moving around the screen, the first time browsing through Xbox smartglass and the second time in the act of closing photoshop. I haven't waited around to see what it will do before force shutting the thing down. No damage was done the first time and I have yet to check from the second time. Whoever is doing it doesn't appear on my wifi network. Programs I had open when my PC was compromised both times were XAMPP, chrome, and text editors, (running Windows 10). It's quite unpleasant knowing my PC can be hacked at any moment I'm not using it and I wonder if there's anything I can do to find the person behind it or prevent these attacks in the future?

Clay Eickemeyer
  • 13
  • 1
  • 3

2 Answers2

2

Here are some things which might help:

  1. Turn off/Unplug your router, then boot up your computer.
  2. Open settings and go to Apps & Features, look through the list for programs like 'TeamViewer'. I suggest you google search some top remote access programs and try to identify any you might have installed
  3. Uninstall those you find, and also anything else you don't need. If you don't know what something is, Google the name first to find out.
  4. Go back to the main settings window, and go to System > About. In the Related settings list on the right, select System info.
  5. Click Advanced System settings on the left, and go to the Remote tab
  6. Untick 'Allow Remote Assistance connections to this computer'
  7. Back in the settings main window, open Update & security
  8. Ensure both Windows and Windows Defender are up to date, if they aren't reconnect to the internet and update them.
  9. Run a windows defender scan.

If those steps don't work or you want to be extra sure, you will unfortunately have to Nuke it from orbit, but after doing so I suggest you step back through the above to untick the Windows built in 'Allow Remote Assistance connections to this computer'.

Numeron
  • 2,455
  • 3
  • 15
  • 19
  • 1
    Good answer, still after an unknown, probably malicious, third party has been accessing your pc without your consent the only safe thing to do is to **nuke it from orbit.** – Caterpillaraoz Jul 12 '17 at 08:21
  • Unfortunately I had taken all these measures and haven't even had a detected object in my antivirus scans for months now, but this is the most helpful answer to anyone who hasn't. Its a huge inconvenience to reinstall windows with my limited setup but hopefully enough safety measures can stop this. As of right now my best bet is to lock my PC every time I leave it. – Clay Eickemeyer Jul 12 '17 at 23:27
0

To answer the question regarding who was accessing your computer... It may be possible, it may be not, depending on the method that was used to do it and on how much effort did the attacker put to protect themself. Most likely it would take quite a lot of time regardless. But even in corporate environments the majority of the times it is not worth the effort to find the actual person behind the malicious activity, if there's no suspicion that it was targeted or insider activity.

In your place I would focus on your second point - "prevent these attacks in the future". Covered well by @Numeron - reinstall your computer and employ security measures before using it. Installing antivirus, even a free one, and making sure port 3389 (Remote Desktop Protocol) is disabled should be enough to prevent many threats.

skooog
  • 1,008
  • 7
  • 17
  • I changed RDP's port and disabled it and basically everything starting with the word "remote," as well as restricting the scope IP's of the new port to only my local IP... hopefully that does it. Thanks for mentioning that port. – Clay Eickemeyer Jul 12 '17 at 23:30