Today I was in a Zoom call. Right after it ended I got distracted for a couple of seconds, just to see that someone was browsing on my PC trying to get into my PayPal and bank account. As soon as I saw it I shut off the computer, then proceeded to turn it on and scan for viruses. I’m pretty sure the scanner found the trojan I was looking for and so I deleted it; we’re talking about NetSupport RAT. So now I have a couple of questions: he didn’t get anything done (as far as I know) because his action lasted for about 30 seconds at maximum, so how much do I have to worry now? Is it possible that he was monitoring my screen before he took control over it? It seems such a strange coincidence that right after I get distracted after a Zoom call he enters (my camera was on too). Is eradicating the trojan enough? Is there something else I should look for to make sure they do not have access anymore? I used the PC throughout the day without encountering any more issues.
Unplug it from the internet, power down. Remove the hard drive and take it to get scanned. Extract important files to separate drive, scan it again to be sure the files are clean. Format old drive, put it back in the machine and reinstall your operating system. Change all your passwords, move your files back and install your software again.
I clicked on this link half-hoping you were the other guy from this story.
Nuke and pave time.
Once someone’s gotten into your system, you have NO idea what stubs, installers, or other backdoors have been left behind. You caught the main trojan, but what else did they upload, and what is running in the background sending your files to them?
Install Win11 from a USB drive, and during the process, delete the windows partitions and start anew.
(for those more ‘revenge’ or ‘mess with the scammers’ minded, a VM installed as a honeypot system makes for fun times. I can’t go into specifics here, but watching “Scam Bait” channels like Kitboga or Pierogi should give you ideas.)
Nothing, it’s their computer now. You just provide power for them.
God knows what that trojan fed him; he could have logs of all your keyboard strokes, passwords and partial access to emails. I would log into your main email accounts using a phone, change all the passwords 1st, then nuke the PC after you take all important data out.
If you can afford it, get a basic af Chromebook or something inexpensive and do only purchases on it.
Check for a keylogger, change your passwords on a diff computer and don’t use it on that one until you’re 100% certain. Set up your bank to alert you for any purchases.
Thanks for the tip, will change the passwords for sure. Also I might be dumb but I don’t see how someone could break through my bank 2FA even if they had my password. To log in myself I have to scan a QR code with one and only different device, but maybe hackers know something more than I do.
They can spoof your number and receive the 2FA on their end.
So no one has posted this. I work cyber security blue team.
It’s a cookie stealing attack and really common right now. Just google cookie stealing and MFA and you will find tons of articles on it.
You know how you don’t need 2 factor to login once you’ve done it once? Cookies. Password stealers are grabbing full profile data to pretend they are your browser.
2nd. NetSupport is not a trojan per se (if that is what you have), but it is a very common tactic right now to get someone on the phone or chat (typically via a fake invoice charging a bunch of money, or a fake AV Chrome popup) and trick them into installing the remote access software.
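The cookie point in the comment above, as an added example that is not part of any post in this thread: a toy server-side account showing that a session cookie issued after password + 2FA keeps working when copied, and stops only when sessions are revoked. The `Account` class, its methods and all values are hypothetical and constructed for illustration; whether a real service revokes sessions on password change varies, so use its "sign out of all devices" option.

```python
import hashlib
import hmac
import secrets


class Account:
    """Toy model (assumption, not any real service): password + 2FA login, cookie sessions."""

    def __init__(self, password: str, mfa_code: str):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        self._mfa_code = mfa_code      # stands in for the QR/2FA approval step
        self._sessions = set()         # session-cookie values the server accepts

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str, mfa_code: str):
        """Both factors are checked here, and only here."""
        ok = hmac.compare_digest(self._kdf(password), self._pw_hash)
        ok = hmac.compare_digest(mfa_code, self._mfa_code) and ok
        if not ok:
            return None
        cookie = secrets.token_urlsafe(32)
        self._sessions.add(cookie)
        return cookie

    def is_authenticated(self, cookie: str) -> bool:
        """Later requests present only the cookie; no password, no 2FA."""
        return cookie in self._sessions

    def change_password(self, new_password: str, revoke_sessions: bool) -> None:
        self._pw_hash = self._kdf(new_password)
        if revoke_sessions:
            self._sessions.clear()     # "sign out everywhere"


def demo() -> dict:
    acct = Account("old-password", "123456")           # constructed sample values
    results = {"password_alone_rejected": acct.login("old-password", "000000") is None}
    copied = acct.login("old-password", "123456")      # same value malware would copy from the browser profile
    results["copied_cookie_accepted"] = acct.is_authenticated(copied)
    acct.change_password("new-password", revoke_sessions=False)
    results["valid_after_password_change"] = acct.is_authenticated(copied)
    acct.change_password("newer-password", revoke_sessions=True)
    results["valid_after_revocation"] = acct.is_authenticated(copied)
    return results
```
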
Inet Off and nuke
If I were you I’d just log my internet off and format everything on that PC, not gonna lie
Back up your data and reinstall windows.
Reinstall Windows.
Absolutely not worth it one bit risking it. Sadly I’ve seen this happen to people and they get royally screwed up. Hope you get sorted bud.
Do you mean they don’t reinstall and info gets stolen?
It’s a high probability.
The virus scanner might have found it, but a reinstall will mean it’s deffo gone. Sleep easier then and can happily reset any passwords etc.