I stalker had access to my computer, found suspected stalkerware in startup

[Celestias]

Hello. I found suspected stalkerware on my computer. I reported it here:

Suspected Stalkerware: UWSTService.exe, "Screenshare Service".

It may be "legit" software, but I suspect it is/can be used for malicious stalking purposes.

Is it possible to:

A. Check if the above software transmits screen data or other information? (you can download it from the attachment in my link)

B. Help me check my system is clean? I already own Malwarebytes Premium and have it activated on all my devices, and they all claim that my system is clean and did not detect the above software as a potential threat.

Thank you very much, appreciate it.

[AdvancedSetup]

Hello @Celestias

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
    

Example image of where to click to attach files when posting your reply

 

Thank you

 

[Celestias]

6 hours ago, AdvancedSetup said:

Hello @Celestias

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes:

• If you have not done so already - Enable System Protection and create a NEW System Restore Point
• Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads.. Make sure to turn it back on once the scans are completed
• Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
• Disable-Fast-Startup
• Show-Hidden-Folders-Files-Extensions

Please run the following scans:

1. Click the following link and run a  Scan with AdwCleaner
2. Click the following link and run a  Scan with Malwarebytes 
      RESTART the computer
3. Click the following link and run a  Scan with Farbar Recovery Scan Tool 
    

Example image of where to click to attach files when posting your reply

 

Thank you

 

Hello, please find attached everything you requested.

Please note the following potentially-relevant facts:

1. Regarding the suspected stalkerware, UWSTservice.exe "Screenshare Service", I deleted it yesterday TO THE RECYCLE BIN (not Shift-Delete) before my scan today. If you want me to restore it and/or run it before/during a scan, please let me know.

2. Firefox is my main web browser (because I noticed there are AdwCleaner settings relating to Chrome and IE.

Any chance we can scan UWSTservice.exe that I submitted on the other thread, about what data it transmits? I'm in the middle of a court case against a fraudster-hacker who had physical access to my computer, and I'm genuinely worried about the data he has been obtaining from my computer about the sensitive court case against him. Thank you.

FRST.txt Addition.txt AdwCleaner[C00].txt Malwarebytes Scan Report 2024-04-23 063240.txt

[AdvancedSetup]

3 minutes ago, Celestias said:

I'm in the middle of a court case against a fraudster-hacker who had physical access to my computer, and I'm genuinely worried about the data he has been obtaining from my computer about the sensitive court case against him. Thank you.

You should SHUT DOWN this computer and stop using it, or do a Forensic Copy of the drive and save to an external USB drive for examination by the court.

Not saying you need to or should use this software. There are other methods. You should research it more. But using the computer and cleaning the computer removed or modifies the forensic data that may be required in a court of law.

https://www.easeus.com/disk-copy/clone-resource/how-to-make-a-forensic-copy-of-a-hard-drive.html

 

[Celestias]

2 minutes ago, AdvancedSetup said:

You should SHUT DOWN this computer and stop using it, or do a Forensic Copy of the drive and save to an external USB drive for examination by the court.

Not saying you need to or should use this software. There are other methods. You should research it more. But using the computer and cleaning the computer removed or modifies the forensic data that may be required in a court of law.

https://www.easeus.com/disk-copy/clone-resource/how-to-make-a-forensic-copy-of-a-hard-drive.html

 

Thank you very much for your very intelligent advice. Really appreciate it! I will execute it now.

It would just be very helpful to also be aware if my court strategy and correspondence with my lawyer have also been leaked to the hacker, to be aware if we need to change course or take preemptive countermeasures.

Thank you once again.

[AdvancedSetup]

No way to tell. That is what law firms and forensic security firms are for to track down such issues. The cost is often way to expensive for most to attempt on their own.

 

[AdvancedSetup]

Closing this topic now as the computer should be imaged for review in a court case