bsrutter

Gave Hacker Remote access... What can I do.


Ok I purchased a Printer and went to what I thought was the website to download the driver. It ended up being a fake website. I entered the model number of the printer and came up with error message and had you call support. So I called support and they requested remote access to fix the problem. Stupid I know but looked like legit Canon website so I did. The tech ran a diagnostics in command prompt and said the drivers were corrupted and that my network has been hacked. Then tried to get me to pay for a Level 9 tech to remove the hack and install network security. I have removed that hard drive and installed an SSD drive but I do have a second hard drive for storage and I believe the programs are stored on there. Is there anything I can do to check or remove what he has done?


You need to stick on one forum or another. Many of the same helpers work multiple forums and it is a waste of limited resources and can cause damage to your computer if too many work on the system not knowing what another forum is doing.

User has topic already here.

https://www.bleepingcomputer.com/forums/t/716504/gave-hacker-remote-access-what-can-i-do/

Edited by Porthos


To add a bit more:

It is very regrettable that this type of situation is encountered. One has to learn and get familiar with the real support site for the printer (or any other computer hardware).

The scammers likely just ran a normal (but obscure to you) Windows applet with the intent to show you a lot of lines on the display & so with the hope to hoodwink you.

You did not mention just how they connected to your machine. Or whether they asked you to do something.

But, you should do (just as precaution) a Full scan with Malwarebytes for Windows, and a separate Full scan with the antivirus program installed on this machine.

You say you have removed the disc drive so not sure where it is now.

If you still have the telephone number of these scammers, even more so the name(s) they used, report that to your State's attorney general fraud section and also to the FBI (if in US).

25 minutes ago, Porthos said:

You need to stick on one forum or another. Many of the same helpers work multiple forums and it is a waste of limited resources and can cause damage to your computer if too many work on the system not knowing what another forum is doing.

User has topic already here.

https://www.bleepingcomputer.com/forums/t/716504/gave-hacker-remote-access-what-can-i-do/

I appreciate your helpful reply. Yes I did post on that forum but I didn't realize they have a 5 day response time.

4 minutes ago, Maurice Naggar said:

To add a bit more:

It is very regrettable that this type of situation is encountered. One has to learn and get familiar with the real support site for the printer (or any other computer hardware).

The scammers likely just ran a normal (but obscure to you) Windows applet with the intent to show you a lot of lines on the display & so with the hope to hoodwink you.

You did not mention just how they connected to your machine. Or whether they asked you to do something.

But, you should do (just as precaution) a Full scan with Malwarebytes for Windows, and a separate Full scan with the antivirus program installed on this machine.

You say you have removed the disc drive so not sure where it is now.

If you still have the telephone number of these scammers, even more so the name(s) they used, report that to your State's attorney general fraud section and also to the FBI (if in US).

I downloaded a remote access client. Not for sure which one. I would have to reinstall the other hard drive to find it. So they had full access remotely. Yes they ran a scan on drivers with cmd prompt but I know they were doing something in the background.

 


The thing is at present, what are you planning to do with the drive that you have removed?

If it were left just where it was originally, a number of different scans could have been run to check it.

BUT if it were to be hooked up as a remote-slave drive, scans get more involved, like having to do Custom scans.

What is it you plan to do with that drive?

Do you have a Backup of this system from before this incident? Backup is your best friend.

 

Quote

I downloaded a remote access client.

Do you remember its name? Do you remember where you had Saved it?


What is it you plan to do with that drive?
I don't necessarily need that drive since the ssd drive is working. If I can scan it and remove all traces of corruption then that would be a plus. I am not only concerned about malware but what he may have done in settings etc. I think I have it setup to use the second drive for storage and programs etc. Is it possible the second drive can be corrupt or is there a way to check.

Do you have a Backup of this system from before this incident?
I do not. Unless there was one automatically saved. I did a complete backup of the ssd drive once I installed it but that doesn't help.

Do you remember its name? Do you remember where you had Saved it?
I installed the other drive and the name of the remote access is Goto assistant. I just downloaded it and ran it. Probably went to downloads folder.

 

Let me know if that helps or if you need any more info.

Thanks

 


Yes, I need much more info about "the drive at issue". You had said you removed it. Where is it now?

Is it currently attached to one of your machines? Or what? Need details on that.

That SSD drive you keep mentioning, is that where you newly installed a clean Windows?

What we need to know up front is:

Which one has a known clean Windows operating system?

Further, is that machine then able to "access" the drive that the scammer was on?

Please provide real clear info on all that. I mean, what machine do you have that is known to have a trustworthy Windows O.S. that can be used then to scan the "scammed / potentially scammed drive".

IF the drive is accessible as a drive, you can do CUSTOM scans with Malwarebytes for Windows, as well as with the antivirus app installed in Windows.

Plus you could also run some other scan tools that will check that whole drive.

If on the other hand, that drive has no personal files that you need, and you have a new Windows setup elsewhere, then you could "nuke" the "scammed drive" / essentially erase it.

Are there any personal files on that drive that you do not have on Backup?

I count on you to provide clearer information on the situation of hardware.


Some additional notes.

You did not mention how long the scammer was on your machine.  There is no way to know whether they actually got any sort of financial account numbers, or some key parts of personal data, like birthdate, social security number, bank account number, etc.

Although, they would have your phone number.   And it could be, they may try calling you.

We do not and cannot know if your pc had stored personal identifiers, or account numbers.  Only you would know.

 

The following is typical advice for someone who might be a victim of identity theft.

You are strongly advised to do the following:

1. Watch closely all bank, financial accounts & credit cards.

2. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts.

3. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

Be sure you use strong passwords.

https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/

 

https://www.lastpass.com/password-generator

Do NOT change passwords or do any transactions while using the "suspected" computer.

Edited by Maurice Naggar


Yes, I need much more info about "the drive at issue". You had said you removed it. Where is it now?

Is it currently attached to one of your machines? Or what? Need details on that.
I removed it and it is just sitting on the shelf but the second drive is still in the computer. Can the second drive be corrupt as well?

That SSD drive you keep mentioning, is that where you newly installed a clean Windows?
About a year ago I copied the hard drive over to the SSD drive and used it for about 6 months then it would not boot up so I reinstalled the hard drive in the computer. After the hacker had access to my computer I removed that hard drive and installed the SSD drive and it is currently booting. So the SSD drive does not have a clean install of windows just the mirrored copy of the hard drive before it was corrupted.

Which one has a known clean Windows operating system?
I guess the ssd but just don't know if the second drive can cause it to be corrupt. I had it setup to automatically use second drive for download, documents, storage etc.

IF the drive is accessible as a drive, you can do CUSTOM scans with Malwarebytes for Windows, as well as with the antivirus app installed in Windows.
Can this be done for the second drive. It is accessible as drive D.

If on the other hand, that drive has no personal files that you need, and you have a new Windows setup elsewhere, then you could "nuke" the "scammed drive" / essentially erase it.
Files are mostly all saved to second drive. I copied some files that were on Desktop. But now the drive can be "Nuked".


You did not mention how long the scammer was on your machine.
About 10 minutes.

There is no way to know whether they actually got any sort of financial account numbers, or some key parts of personal data, like birthdate, social security number, bank account number, etc.
Nothing on main drive but there were some files on second drive.

The following is typical advice for someone who might be a victim of identity theft.
I have been following all this advice.


You used the term "corrupted". That has to be just an assumption, until proven otherwise.

It is questionable that this scammer caused or made some infection. But keep in mind, the scans we do can only check for malware.

If Malwarebytes is installed on the machine, you can run a CUSTOM scan and select C & D drive to be both scanned.

Much much later, you can then run a custom scan with Windows 10 Windows Defender and some other special scan tools. Again, it would be checking just for malware.

When you get all done, you should do a Windows Update run looking to get the latest Windows 10 Build. But that can wait.

I would note though, that moving the Documents folders to the D drive may lead to some oddities later on.

Be aware this next scan can take many, many hours. Have plenty of patience. Let it run for however long.

Do a full Custom scan with Malwarebytes for Windows.

This special scan will take several hours.

Start Malwarebytes for Windows.

Now look at the middle pane "Scanner" and only just click on a general spot or white space there. We want to see a list of sub-options.

On the next display, look way down at bottom & click on Advanced scanners (way at the bottom).

Then look in the middle at the one "Custom Scan". There, click on "Configure Scan".

Once at the initial Custom scan window, the check-box for "scan for rootkits" is clear.

One needs to click on the check box for that, so "Scan for rootkits" is ON.

One needs to pick (check-mark) the drive letter for the drive to be scanned. You want to be sure that you check the box for C ....the C drive & also the D drive.

Then click the Scan button. Have lots of patience.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

Note:  Malwarebytes does not scan all file-types.   It mainly scans executable type files.

That is why later on, we will run other special scans  to scan the drives.
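
The scans in this thread look only for malware, so they would not flag a legitimate remote-access client or a changed setting left behind after the session. The PowerShell below is an added example, not part of the original posts: a read-only inventory of the booted system, best run from an elevated prompt; the keyword list, the 14-day window and the D:\Downloads path are assumptions to adjust.

```powershell
# Added example: read-only inventory, changes nothing on the machine.
# $Keywords is an assumed, editable list; 'GoTo' reflects the client named in this thread.
$Keywords = 'GoTo', 'LogMeIn', 'TeamViewer', 'AnyDesk', 'ScreenConnect'
$Pattern  = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'
$Since    = (Get-Date).AddDays(-14)   # assumed window; set it to just before the call

# 1. Installed programs: 64-bit, 32-bit and per-user uninstall entries
$UninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $Pattern } |
    Format-Table DisplayName, Publisher, InstallDate, InstallLocation -AutoSize -Wrap

# 2. Services that would start the remote client again at boot
Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Pattern } |
    Format-Table Name, State, StartMode, PathName -AutoSize -Wrap

# 3. Everything that starts at logon (Run keys and Startup folders); review by eye
Get-CimInstance -ClassName Win32_StartupCommand |
    Format-Table Name, Command, Location, User -AutoSize -Wrap

# 4. Scheduled tasks outside the built-in \Microsoft\ tree
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Format-Table TaskPath, TaskName, State,
        @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { $_.Execute }) -join '; ' } } -AutoSize -Wrap

# 5. Local accounts, and who holds administrator rights
#    ('Administrators' is the group name on English-language Windows)
Get-LocalUser | Format-Table Name, Enabled, LastLogon, PasswordLastSet -AutoSize
Get-LocalGroupMember -Group 'Administrators' | Format-Table Name, ObjectClass, PrincipalSource -AutoSize

# 6. Installers and scripts written recently to Downloads on C: and D:
#    ('D:\Downloads' is an assumed path for the second drive; adjust it)
$Dirs = @("$env:USERPROFILE\Downloads", 'D:\Downloads' | Where-Object { Test-Path $_ })
if ($Dirs) {
    Get-ChildItem -Path $Dirs -Recurse -File -Include *.exe, *.msi, *.bat, *.cmd, *.ps1 -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since } |
        Format-Table FullName, LastWriteTime, Length -AutoSize -Wrap
}
```

Anything listed in steps 1 and 2 that was installed during the call can be removed through Apps & features; unfamiliar accounts, tasks or startup entries are worth attaching to a reply alongside the scan report.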

 


Hello. Checking up here. How is it going?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
