2
When a home user woke their laptop (HP with Windows 10, Office, Defender, Chrome, a few games) this morning, it went straight to the desktop (no password prompt) and the Run command box was open with "control userpasswords2" in it. Nothing else was open.
The computer was used yesterday for routine web surfing, then lid closed. No one had physical access overnight (let's assume a Mission Impossible style break-in did not occur).
Any ideas how that got there, or what to look for? Is there some macro that might cause this? Or is it a remote intrusion?
1So, you caught it before someone locked you out of your own system, but they probably also created an admin account for themselves. A bet is that the system isn't set to actually -sleep- when you close the lid, and you don't have any security software running because you figure you don't need it. I sure hope you didn't also have credit card numbers written into some plain-text file. – Debra – 2019-02-05T03:58:06.240
Adding to all this, the information given and the assumptions that can reasonably drawn from them strongly indicate that your organization needs to take security much more seriously and should likely pay good money to find and retain qualified individuals or services that can help fill this need for you. This time you may have gotten off easily, and it would be far better to take this gentle warning and fix the problems than it would be to experience a full breach the next time and hurt people and your organization if you fail to take those necessary precautions. – music2myear – 2019-02-05T16:57:04.950
To clarify: this is a non-business laptop belonging to an acquaintance who I am helping outside of work. – Foo Bar – 2019-02-05T21:23:26.393