do screen share programs like Anydesk show whats being opened ?

[enf1946]

on your system.

 

For example if they run a program on you PC will is show on the screen ?

can you see everything they are doing ( aside from files transfer . But that shows up in the log )

thanks

[Porthos]

2 minutes ago, enf1946 said:

can you see everything they are doing

Depends on the remote tool. They could run a script to get whatever they are after in some.

[AdvancedSetup]

Yes, for the most part you can see anything done, but if you're not technically savvy they could attach other processes to the system and do things in the background.

Often stuff done in DOS console might as well be magic to most people though as very few understand or know what is going on with commandline operations

 

[Porthos]

The best thing is to never let anyone remote access to the system.

If you have allowed this to happen, I would get the system checked out and if deemed OK, change all passwords on all sites.

 

[enf1946]

curious what you mean in your post .

if they execute cmd   the black dialog pops up and u can see it.

if they transfer over a powershell file can execute it cant u see that also ?

thanks

>>>>>>>>>>

•  
• Root Admin

• ID:1552317

Posted 7 hours ago

Yes, for the most part you can see anything done, but if you're not technically savvy they could attach other processes to the system and do things in the background.

[AdvancedSetup]

No, it is possible to run commands against your computer that you will not be able to see run.

Do you need help checking your computer? @enf1946

 

[enf1946]

yes i did allow Anydesk access for a short period of time then i killed the App. I have Windows 7 . I have Malwarebytes paid version  and ran Eset and nothing found. Om my system no one from outside the PC can get access to the Users file  though.  i checked all run at startup,  and tasks. dont see anything bad , Changed all passwords. would appreciate any tips though

[David H. Lipman]

41 minutes ago, enf1946 said:

yes i did allow Anydesk access for a short period of time then i killed the App. I have Windows 7 .

By whom and for what reason?

AnyDesk software is known to be used from Tech Support Scammers who create false content indicating a Firewall issue, hardware issue or malware incident occurred.  Then to call a number of the scammer.  The scammer will then use AnyDesk software to access the associated PC.  Once there they can modify the OS to further their claims of an "issue", plant malware or exfiltrate data.

[enf1946]

yes it turned out to be a scammer. Didnt know someone using it could do stuff without u seeing it. i tested Anydesk from another PC. they can get a my Users file. I checked Windows startup programs, scheduled tasks and changed my passwords. But if u have any suggestions im up for it.

[enf1946]

i am sorry. they CANNOT get or transfer my Windows Users file.

[enf1946]

 . . . they were only in for 3 minutes then i cancelled  the app Anydesk

[David H. Lipman]

That's what we figured.

3 minutes is not too much time, thankfully.

Did you supply a Credit Card or other Personally Identifiable Information (PII) to the scammer?

Edited January 31, 2023 by David H. Lipman
Edited for content, clarity, spelling and/or grammar

[enf1946]

no i did not supply any PII or credit cards .  I guess the big worry is keyloggers.   both Malwarebytes and ESET didnt find any .

Thanks

[Porthos]

49 minutes ago, enf1946 said:

. . . they were only in for 3 minutes then i cancelled  the app Anydesk

 

17 hours ago, Porthos said:

The best thing is to never let anyone remote access to the system.

 

[enf1946]

>>>> The best thing is to never let anyone remote access to the system.

yes now i know. I didnt know these things could transfer files. . .

so on my Windows  System i checked :

windows startup programs

all tasks in Task Scheduler    listed in admin tools

browser add ons and extensions

host file.

full scan by malwarebytes and ESET

anything else i should check ?

thanks

 

[Porthos]

5 minutes ago, enf1946 said:

I didnt know these things could transfer files

Most can. As someone who does remote support for my clients, my remote can take anything off your computer I want also I can put anything on your computer as well.

I can also copy a command and paste it on your computer that can do almost anything I want it to do.

I can also lock you out of the computer with a password with a simple command executed on your system.

I have full access just as I would if I was in your chair in front of your computer.

 

[AdvancedSetup]

It sounds like you're probably okay, but if you like, you can post back some logs and we can review them to see if we find anything obvious that should not be there. @enf1946

 

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to the Public desktop, please upload that file on your next reply

Thank you

 

[enf1946]

hi

i noticed on some other  FRST.txt files it said that if an entry was on the fixlist it would be moved. Does that support tool move anything around ?????

also are these logs private when i post ? thanks

[AdvancedSetup]

The MBST tool does not remove anything unless we provide you a FIX to run. It simply gathers data.

You can send me a private message with the log if you like @enf1946