So I found a backdoor, multiple trojans and crypto miners in a client's PC. He is worried that his personal information has been compromised.
What happened: During the installation of Kaspersky anti-virus, a user account control prompt appeared with "Kaspersky" on the name of it, but it was not from a verified publisher. He accepted this prompt, allowing someone who is not Kaspersky Labs to make changes to his PC and this is probably how the backdoor got installed.
Kaspersky actually finished installing and worked for a while. But after a while it got inoperable by the backdoor, and so did Windows Defender.
I actually have little knowledge of cybersecurity, and don't know how the process to backdooring someone is.
Is this probably an automated process the malware performed in the computer? That is, did the virus made the prompt, deactivate Kaspersky and Windows Defender all by itself? How likely it is that the hacker did it manually?