Shally

Someone remote-desktop'd into my PC. Now three new accounts have appeared.


Posted · Original Poster (OP)

So during the week I was playing a CS:GO game with friends when my screen turned blue and it told me someone was attempting to remote desktop into my computer. Being in the heat of the moment in CS:GO I thought an application was requesting permission, so I clicked accept, and immediately realized what I had done. I turned off my PC instantly, as Windows wasn't responding to me anymore.

 

The user that did this had a Windows username of windowsuac. Now that's very close to Windows UAC, User Access Control. But when I google windowsUAC altogether I get no results. Now when turning on my PC this morning I noticed three new accounts had been created on my machine: sub, admins, and windowsuac.

 

They all had Administrator powers, which I removed immediately. I never made these accounts.

So, is Windows being strange and doing all this itself, or should I be worried something has entered my system?


Work Laptop: HP ZBook 15  i7-4800QM 16GB  Home Laptop: Lenovo Ideapad 720s i7 8550u Phone: Galaxy S9  

CPU: R7 3700X GPU: GTX 1070 it Strix HDD: 1TB WD Blue SSD: 128gb 970 Memory: 16GB Crucial DDR4

 

1 minute ago, Shally said:

So, is Windows being strange and doing all this itself

No, Windows doesn't just randomly ask for remote-desktop permissions and start creating new accounts.


Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.

Posted · Original Poster (OP)
1 minute ago, WereCatf said:

No, Windows doesn't just randomly ask for remote-desktop permissions and start creating new accounts.

I'm thinking of doing a fresh install of Windows, would you agree?



 

3 minutes ago, Shally said:

So during the week I was playing a CS:GO game with friends when my screen turned blue and it told me someone was attempting to remote desktop into my computer. Being in the heat of the moment in CS:GO I thought an application was requesting permission, so I clicked accept, and immediately realized what I had done. I turned off my PC instantly, as Windows wasn't responding to me anymore.

 

The user that did this had a Windows username of windowsuac. Now that's very close to Windows UAC, User Access Control. But when I google windowsUAC altogether I get no results. Now when turning on my PC this morning I noticed three new accounts had been created on my machine: sub, admins, and windowsuac.

 

They all had Administrator powers, which I removed immediately. I never made these accounts.

So, is Windows being strange and doing all this itself, or should I be worried something has entered my system?

I'd say start with scanning with Malwarebytes. You probably have been infected by something.

Just now, Shally said:

I'm thinking of doing a fresh install of Windows, would you agree?

I would do a fresh install, so yes.

Just now, Shally said:

I'm thinking of doing a fresh install of Windows, would you agree?

That is also a very good idea and then on another device or the fresh install start making new passwords on all your accounts.


Download Kaspersky Rescue Disk. It's an OS that will run without any of your Windows stuff up and running. Run the scan first.

Then boot into safe mode (without networking!) and delete those accounts from your PC.


Cor Caeruleus Reborn v6


CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers

 

Posted · Original Poster (OP)
Just now, ARikozuM said:

Download Kaspersky Rescue Disk. It's an OS that will run without any of your Windows stuff up and running. Run the scan first.

Then boot into safe mode (without networking!) and delete those accounts from your PC.

What's the scan do?



 

Posted · Original Poster (OP)
3 minutes ago, jaslion said:

I'd say start with scanning with Malwarebytes. You probably have been infected by something.

I ran it there; I just got a lot of PUPs, nothing too concrete.



 


Yeah, fresh install, all PWs reset. I've done some newb stuff, but allowing remote viewing in the heat of the moment isn't one of them.

 

I'm honestly perplexed how one would do this. I've never used, so just checked, the interface of the Windows remote viewing app; it looks nothing like UAC or the "allow this through the internet" prompt.

 

Must have been one hell of a competitive match.


Workstation Laptop: Dell Precision 7540, Xeon E-2276M, 32gb DDR4, Quadro T2000 GPU, 4k display

Ryzen Rig 2: ASrock B450 Pro4 ATX, Ryzen 7 1700 @ 4.2ghz all core 1.4vCore, AMD R9 Fury X w/ Swiftech KOMODO waterblock, Custom Loop 2x240mm + 1x120mm radiators in push/pull 16gb (2x8) 3600mhz V-Color Skywalker (or 4x8gb DDR4 2666mhz for large tasks), Corsair HX850 PSU, 128gb Patriot Scorch NVMe Win 10 boot drive, 500gb Samsung 840 EVO SSD, CoolerMaster HAF XM Case.  DSI 90-Key Mechanical Keyboard w/ Cherry Red switches, Zalman ZM-GM1 mouse, Hannspree HF207 and Acer AL2016W monitors

https://www.3dmark.com/3dm/37004594?

Ryzen Rig 1: ASUS B350-PRIME ATX, Ryzen 7 1700, Sapphire R9 Fury Tri-X Nitro 4gb HBM, 16gb (2x8) 3200mhz V-Color Skywalker, ANTEC Earthwatts 750w PSU, MasterLiquid Lite 120 AIO cooler in Push/Pull config as rear exhaust, 250gb Samsung 850 Evo SSD, Patriot Burst 240gb SSD, Cougar MX330-X Case.  Zalman K600S keyboard, Zalman ZM-GM1 mouse, Acer XF270HU 2560x1440 144hz IPS monitor

https://www.3dmark.com/3dm/37628874?

Dwight: The Mixed Metals Loop Media Center.  Ask me about it.  Currently decommissioned to move to an mATX setup on a new MOBO once I pick one out

Schrute: ASUS M5A99FX Pro R2.0, FX 8350, 2x Gigabyte HD 7850 2gb GPUs in crossfire, 16gb (4x4) Corsair Vengeance DDR3 1600mhz, Sparkle/FSP 650w PSU, PCCOOLING 160w TDP air cooler, 60gb Patriot SSD Win 10 boot drive, 1tb WDBlack HDD, Rosewill Nautilus 1.0 case.  Logitech Wireless Keyboard and Mouse, Roku 55" 4k TV

Micro Form Factor Dell OptiPlex 3040: Dell 0MGK50 A02, i3-6100T, 2x4gb DDR3 1600, Team Group 120gb SSD, 500gb Seagate 7mm HDD attached storage, Windows 10 Pro, Logitech K400+, USB Wifi adapter all vesa mounted to the back of a 37" 1080p TV for form factor in the kitchen

Linux Box: Toshiba Laptop, i7 620M, NVS graphics, 2gb ram tinker toy at the moment.  Running Manjaro at the moment

APU Laptop: I need to clean this things TIM up so it can boot into Windows 7 for more than 5 minute before overheating at idle, it has things, I just haven't been on it in 2 years or so

1 minute ago, Shally said:

What's the scan do?

Checks everything on the disk before it has a chance to hide.


Just do a fresh install just to be extra safe.


Budget build
CPU: Ryzen 5 2400G
iGPU: Vega 11
Ram: Crucial 16GB DDR4 2666mhz dual channel
MB: Gigabyte ga-a320m s2h v2
SSD: Crucial 240GB
PSU: Cheap 500W
Case: Cougar MX330-G

Posted · Original Poster (OP)
7 minutes ago, Tristerin said:

Yeah, fresh install, all PWs reset. I've done some newb stuff, but allowing remote viewing in the heat of the moment isn't one of them.

 

I'm honestly perplexed how one would do this. I've never used, so just checked, the interface of the Windows remote viewing app; it looks nothing like UAC or the "allow this through the internet" prompt.

 

Must have been one hell of a competitive match.

Is a fresh install the same as Windows reset?



 

8 minutes ago, Shally said:

Is a fresh install the same as Windows reset?

I've never used Windows Reset; I only fresh install when I get myself too deep into the viral portions of the interwebs. I'm not sure if Windows Reset gives you a clean set of directories, root access etc., whereas a fresh install (you need the ISO or recovery media to do this) does.

 

I only recommend fresh installs and all PWs changed because that's what I would do in this situation.


This is why I never rush B.  


AMD Ryzen 3900X  |  Fractal Design S36 360 AIO w/3 Corsair SP120L and 3 Noctua NF-F12 3000 fans  |  Asus Crosshair VII WiFi X470  |  G.SKILL TridentZ 3600CL15 2x8GB @ 3800MHz 14-15-14-14-30  |  EVGA 1070 Ti SC GAMING ACX 3.0 Black w/NZXT Kraken G12 Cooler  |  Samsung 970 EVO M.2 NVMe 500GB - Boot Drive  |  Samsung 850 EVO SSD 1TB - Game Drive  |  Seagate 1TB HDD - Media Drive  |  EVGA 650 G3 PSU | Thermaltake Core P3 Case 

17 minutes ago, Shally said:

Is a fresh install the same as Windows reset?

Do note (this is probably very obvious but I am going to say it anyway just in case) the first thing you should do before any of this is you are going to want to disconnect from the internet before you turn your PC back on, thereby preventing the perpetrator from accessing your data or causing further damage.


In search of the future, new tech, and exploring the universe! All under the cover of anonymity!

4 hours ago, Shally said:

I'm thinking of doing a fresh install of Windows, would you agree?

I would do a fresh install, followed by changing all of the passwords to all of your accounts, as well as all of your network credentials (wifi password, admin password for the router, etc.). This is because (clearly) they were able to get in, and thus know how, and thus a change is necessary to prevent that from immediately happening again, plus the fact that you don't know what other credentials may have been stolen while they were connected.

 

I would then have a thorough look through the router settings to see if anything could be tightened. No port forwarding, no UPnP, etc. This is key: never mind that it asked and that you clicked accept when you could/should have clicked deny; it should not have been possible for someone to even make it prompt you in the first place. By the time that happened your security had already failed.

 

Finally, assuming you don't use remote desktop yourself, I would disable it in Windows.  Never hurts to have an extra little bit of protection, if not against others, at least against yourself :P


Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.
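The advice in this thread boils down to two checks and one hardening step: find the accounts and group memberships you did not create (the OP's "sub", "admins" and "windowsuac" problem), and turn off Remote Desktop and Remote Assistance if you never use them yourself, as the last reply suggests. The PowerShell script below is an added example, not code from the thread or from any poster; it assumes it is run from an elevated prompt on Windows 10 with the network unplugged, and the `$KnownAccounts` list is a placeholder you fill in with the accounts you actually created. The built-in cmdlets, registry values and Security event IDs it uses (4720 = user account created, 4732 = member added to a local group) are standard Windows ones.

```powershell
# Added example (not from the thread): audit a Windows 10 PC for unexpected
# local accounts / admin group members and recent account-creation events,
# then optionally disable Remote Desktop and Remote Assistance.
# Run from an elevated PowerShell prompt with the network disconnected.
param(
    # ASSUMPTION: replace 'YourUserName' with the account(s) you created yourself.
    # The other four names are Windows built-in accounts that are normally present.
    [string[]] $KnownAccounts = @('YourUserName', 'Administrator', 'Guest',
                                  'DefaultAccount', 'WDAGUtilityAccount'),
    [int]      $DaysBack = 14,
    [switch]   $Harden
)

# 1. Local accounts that are not on the known-good list.
Write-Host "== Local accounts not in the known-good list =="
Get-LocalUser |
    Where-Object { $KnownAccounts -notcontains $_.Name } |
    Select-Object Name, Enabled, LastLogon, PasswordLastSet |
    Format-Table -AutoSize

# 2. Everyone in the local Administrators group. Any member you did not add
#    yourself is a problem, even if its name looks like a Windows component.
Write-Host "== Members of the local Administrators group =="
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# 3. Security log: who created which account, and who added what to which group.
#    SubjectUserName is the account that performed the action.
$since = (Get-Date).AddDays(-$DaysBack)
Write-Host ("== Account creation (4720) / group membership (4732) events since {0} ==" -f $since)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($field in $xml.Event.EventData.Data) { $data[$field.Name] = $field.'#text' }
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Id     = $_.Id
            Actor  = $data['SubjectUserName']
            # 4720: TargetUserName is the new account. 4732: MemberName is the
            # added member (often a SID) and TargetUserName is the group.
            Target = if ($_.Id -eq 4720) { $data['TargetUserName'] } else { $data['MemberName'] }
            Group  = if ($_.Id -eq 4732) { $data['TargetUserName'] } else { '' }
        }
    } | Format-Table -AutoSize

# 4. Current remote-access state. fDenyTSConnections = 0 means RDP is enabled;
#    fAllowToGetHelp = 1 means Remote Assistance invitations are allowed.
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -Name fAllowToGetHelp
Write-Host ("Remote Desktop enabled:    {0}" -f ($ts.fDenyTSConnections -eq 0))
Write-Host ("Remote Assistance enabled: {0}" -f ($ra.fAllowToGetHelp -eq 1))
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object DisplayName, Enabled, Direction |
    Format-Table -AutoSize

# 5. Optional hardening (only if you never use RDP / Remote Assistance yourself).
if ($Harden) {
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -Name fAllowToGetHelp -Value 0
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Disable-NetFirewallRule -DisplayGroup 'Remote Assistance'
    Write-Host "Remote Desktop and Remote Assistance disabled (registry + firewall rule groups)."
}
```

Run it once without `-Harden` to see the report; the event list is the part worth keeping, because it shows which account created "sub", "admins" and "windowsuac" and when, which tells you how far back the intrusion goes. Keep that output somewhere off the machine before the fresh install, since a reinstall wipes the Security log. Deleting the rogue accounts is still a good idea, but it is not a substitute for the reinstall and password changes the thread recommends: an account-creating intruder had administrator rights, and anything else they left behind will not show up in this listing.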
