I was watching YouTube yesterday when suddenly the playback paused and the full screen was exited. I then tried to click on the video to play it again, but I realized that I didn’t have any control over my mouse. I then saw that the mouse clicked on the address bar and typed in something like “edge:://settings”. I freaked out and instantly pushed the power button of my computer and disconnected the LAN cable.

Whoever did this, I was in Firefox, idiot.

Anyway, I’ve never experienced something like this ever. I’ve encountered multiple viruses and adware before, but most of them were easily traceable and removable. Most of the time there was a suspicious process in the task manager, sus folders and files, suspicious autostart settings, or they could simply be found with a scanner. Only once did I have to reinstall Windows, because the virus locked my system. But this time was different. I don’t use cracked software anymore, I don’t stream anymore, I don’t stroll over the internet anymore. There was no reason and no suspicious activity beforehand. Everything happened completely out of the blue and in the background.

I found a strange log file in the temp folder, in which it looks like the Edge browser was reverted to an older version in the background, with some registry changes on Edge and the web viewer and other stuff in the background, as well as some Windows Defender changes in the registry. My guess is it was to create a more vulnerable version of Edge.

I’ve completely wiped Edge from my computer as well as every registry entry that was related to Edge. I’ve reinstalled Firefox and removed all cache, cookies, history, passwords, etc. I’ve deleted several suspicious files and registry entries that were changed shortly before this happened, and I saw that for some reason remote access wasn’t completely deactivated, so I shut that down too. I’ve run several antivirus and malware scans and fixed a few things they found, but there is still no obvious trace and no reason why this could happen in the first place. OK, except the remote access setting. But still, someone would need to do certain things to find my PC and get access in the background.

My question to you people is: how can I make sure that my system is clean again? And how can I prevent something like this in the future? I’d rather find the source of this instead of reinstalling Windows. Or has hacking tech really become this advanced that one can hack you and you cannot find out what happened at all?
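An added read-only inventory, written for this thread and not something either poster wrote, of the remote-control exposure the original post mentions (the remote access setting that was still on, unknown listeners, autostart entries, and the Edge version the temp-folder log suggested was rolled back). It only uses standard Windows cmdlets and registry paths; it assumes an elevated PowerShell prompt on a machine that is still disconnected from the network, and it makes no claim about what this particular incident was.

```powershell
# Added example, not from the original thread: read-only inventory of
# remote-control exposure on a Windows machine. Run from an elevated
# PowerShell prompt while the machine is still off the network.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

# 1. Remote Desktop and Remote Assistance policy values.
#    fDenyTSConnections = 1 means RDP is disabled;
#    fAllowToGetHelp   = 0 means Remote Assistance is disabled.
$rdpDenied = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'  'fDenyTSConnections'
$raAllowed = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' 'fAllowToGetHelp'
[pscustomobject]@{
    RemoteDesktopEnabled    = ($rdpDenied -eq 0)
    RemoteAssistanceEnabled = ($raAllowed -eq 1)
} | Format-List

# 2. Enabled inbound firewall rules that would admit remote-control traffic.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop', 'Remote Assistance' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Profile, Action

# 3. Services involved in remote sessions; anything Running with StartType
#    Automatic on a machine that never uses them deserves a look.
Get-Service -Name TermService, SessionEnv, RemoteRegistry, WinRM -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# 4. Every listening TCP port and the process behind it. Unknown listeners
#    (or known remote-control ports such as 3389 or 5900) are what to chase.
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Pid     = $_.OwningProcess
            Process = $p.ProcessName
            Path    = $p.Path
        }
    } | Format-Table -AutoSize

# 5. Run/RunOnce autostart entries for the machine and the current user.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

# 6. Installed Edge build, to compare by hand against the version Microsoft
#    currently ships; a much older number is consistent with a rollback.
$edge = Get-Item "${env:ProgramFiles(x86)}\Microsoft\Edge\Application\msedge.exe" -ErrorAction SilentlyContinue
if ($edge) { "Edge version: $($edge.VersionInfo.ProductVersion)" } else { 'Edge not found' }
```

Nothing here changes the system; it only reports. The useful follow-up is to save the output to a USB stick before any cleanup or reinstall, so there is a record of what was listening and what was set to autostart at the time, whichever route the thread's replies recommend.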

  • I_need_happiness@alien.top
    1 year ago

    If somebody is using your computer, it cannot be via the browser. I’ll tell you honestly: for the screen-sharing to take place, you have to hook into system services, which is completely impossible with a browser (as it can allow only the basic controls when shared).

    There’s definitely something else which is happening. It is either Remote Assistance or some application which is allowing screen sharing & control. If you are using macOS, this is pretty damn straightforward: find the app and disable it. For Windows, umm, it’s somewhat difficult.

    My Suggestion is:

    If you are concerned about Data & Apps:

    • Don’t connect the computer again back to the network.
    • Download MSRT (Microsoft’s Malicious Software Removal Tool) on another PC and run it here.
    • Download the Kaspersky Free Rescue Disk tool on another PC, make a bootable drive and perform a scan (https://www.kaspersky.com/downloads/free-rescue-disk) on your system, which is actually infected.

    This method doesn’t guarantee you a 100% cleanup.

    If you are not concerned about Data & Apps:

    • Make a bootable drive with Windows 10 Image and beat the shit outta your computer by re-installing the Whole Windows once again.

    > but I realized that I didn’t have any control over my mouse. I then saw that the mouse clicked on the address bar and typed in something like “edge:://settings”.

    OK, tell me clearly. Does the mouse movement look like a human’s movement, or does it look programmatically done? If it’s human-kinda movement, you have a backdoor. If it was programmatic, this is simply a program written with JS / Python with Selenium to open a backdoor, and you caught it before anything could happen. So, you are at least safe to an extent.

    BTW, you want to just clean or understand what happened in the computer?