Today I was in a Zoom call, right after it ended I got distracted for a couple seconds just to see that someone was browsing on my pc trying to get into my Paypal and bank account, as soon as I saw it I shut off the computer, then proceded to turn it on and scan for viruses. I’m pretty sure the scanner found the trojan I was looking for and so I deleted it, we’re talking about NetSupport RAT. So now I have a couple of questions: he didn’t get anything done (as far as I know) cause his action lasted for about 30 seconds at maximum, how much do I have to worry now? Is it possible that he was monitoring my screen before he took control over it? It seems such a strange coincidence that right after I get distracted after a Zoom call he enters (my camera was on too). Is eradicating the trojan enough? Is there something else I should look for to make sure they do not have access anymore? I used the pc throughout the day without encuntering anymore issues.
Nuke and pave time.
Once someone’s gotten into your system, you have NO idea what stubs, installers, or other backdoors have been left behind. You caught the main trojan, but what else did they upload, and what is running in the background sending your files to them?
Install Win11 from a USB drive, and during the process, delete the windows partitions and start anew.
(for those more ‘revenge’ or ‘mess with the scammers’ minded, a VM installed as a honeypot system makes for fun times. I can’t go into specifics here, but watching “Scam Bait” channels like Kitboga or Pierogi should give you ideas.)