
So I found a backdoor, multiple trojans and crypto miners in a client's PC. He is worried that his personal information has been compromised.

What happened: During the installation of Kaspersky anti-virus, a User Account Control prompt appeared with "Kaspersky" in its name, but it was not from a verified publisher. He accepted this prompt, allowing someone who is not Kaspersky Labs to make changes to his PC, and this is probably how the backdoor got installed.

Kaspersky actually finished installing and worked for a while. But after a while it was made inoperable by the backdoor, and so was Windows Defender.

I actually have little knowledge of cybersecurity, and don't know what the process of backdooring someone is.

Is this probably an automated process the malware performed on the computer? That is, did the virus make the prompt and deactivate Kaspersky and Windows Defender all by itself? How likely is it that the hacker did it manually?

schroeder
Paternostro
  • You must re-install your OS. –  Feb 23 '21 at 13:33
  • Does this answer your question? [Help! My home PC has been infected by a virus! What do I do now?](https://security.stackexchange.com/questions/138606/help-my-home-pc-has-been-infected-by-a-virus-what-do-i-do-now) –  Feb 23 '21 at 13:33
  • Thanks for the suggestion, but the question is in bold. My question is how likely it is that the hacker did it manually. – Paternostro Feb 23 '21 at 13:37
  • Of all the things to be curious about, this is an odd one. There is no way for us to know the likelihood of this being a manual or automated process. Why do you want to know the likelihood? – schroeder Feb 23 '21 at 13:38
  • I know little about cybersec. I thought maybe it had to be done manually since every anti-malware has its own nuances. The client is worried that the hacker may be personally watching his screen, and gathered personal info of him and his clients in online meetings, as he is a lawyer. Maybe if the hacker has an automated process and has multiple victims, they won't pay so much attention to him as to watch his screen. – Paternostro Feb 23 '21 at 13:51
  • Is it possible? Yes. Is it "likely"? Nobody knows. –  Feb 23 '21 at 13:53
  • Probably the hacker is doing it right now, but you can't be certain about that. – Ion Stirba Feb 23 '21 at 13:55
  • Knowing if it is manual or automated does not change the threats or the potential impact ***at all***. Automated viruses can do all the things that a manual process can. Knowing doesn't help you figure out your next steps either. The machine is severely compromised. Get it disconnected from any network right now. – schroeder Feb 23 '21 at 19:03

1 Answer


You can do this operation from anywhere in the world, and also control the computer remotely every time you turn the computer on. The hacker is notified about this and can do operations like listening to audio/video from the PC and also recording each key the user types.

The hacker can also infect other devices on the network. You must isolate this PC ASAP and change the passwords for each user account immediately from another device.

schroeder
Ion Stirba