
Someone remote-desktop'd into my PC. Now three new accounts have appeared.

Shally

So during the week I was playing a CS:GO game with friends when my screen turned blue and it told me someone was attempting to remote desktop into my computer. Being in the heat of the moment in CS:GO, I thought an application was requesting permission, so I clicked accept, and immediately realized what I had done. I turned off my PC instantly, as Windows wasn't responding to me anymore.

The user that did this had the Windows name windowsuac. Now that's very close to Windows UAC, User Access Control. But when I google "windowsuac" altogether I get no results. Now, when turning on my PC this morning, I noticed three new accounts had been created on my machine: sub, admins, and windowsuac.

They all had Administrator powers, which I removed immediately. I never made these accounts.

So, is Windows being strange and doing all this itself, or should I be worried something has entered my system?

Irish in Vancouver, what's new?


1 minute ago, Shally said:

So, is Windows being strange and doing all this itself

No, Windows doesn't just randomly ask for remote-desktop permissions and start creating new accounts.

Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.


1 minute ago, WereCatf said:

No, Windows doesn't just randomly ask for remote-desktop permissions and start creating new accounts.

I'm thinking of doing a fresh install of Windows, would you agree?


3 minutes ago, Shally said:

So during the week I was playing a CS:GO game with friends when my screen turned blue and it told me someone was attempting to remote desktop into my computer. Being in the heat of the moment in CS:GO, I thought an application was requesting permission, so I clicked accept, and immediately realized what I had done. I turned off my PC instantly, as Windows wasn't responding to me anymore.

The user that did this had the Windows name windowsuac. Now that's very close to Windows UAC, User Access Control. But when I google "windowsuac" altogether I get no results. Now, when turning on my PC this morning, I noticed three new accounts had been created on my machine: sub, admins, and windowsuac.

They all had Administrator powers, which I removed immediately. I never made these accounts.

So, is Windows being strange and doing all this itself, or should I be worried something has entered my system?

I'd say start with scanning with malwarebytes. You probably have been infected by something.


Just now, Shally said:

I'm thinking of doing a fresh install of Windows, would you agree?

I would do a fresh install, so yes.


Just now, Shally said:

I'm thinking of doing a fresh install of Windows, would you agree?

That is also a very good idea, and then, on another device or the fresh install, start making new passwords for all your accounts.


Download Kaspersky Rescue Disk. It's an OS that will run without any of your Windows stuff up and running. Run the scan first.

Then boot into safe mode (w/o networking!) and delete those accounts from your PC.

Cor Caeruleus Reborn v6

Spoiler

CPU: Intel - Core i7-8700K

CPU Cooler: be quiet! - PURE ROCK 
Thermal Compound: Arctic Silver - 5 High-Density Polysynthetic Silver 3.5g Thermal Paste 
Motherboard: ASRock Z370 Extreme4
Memory: G.Skill TridentZ RGB 2x8GB 3200/14
Storage: Samsung - 850 EVO-Series 500GB 2.5" Solid State Drive 
Storage: Samsung - 960 EVO 500GB M.2-2280 Solid State Drive
Storage: Western Digital - Blue 2TB 3.5" 5400RPM Internal Hard Drive
Storage: Western Digital - BLACK SERIES 3TB 3.5" 7200RPM Internal Hard Drive
Video Card: EVGA - 970 SSC ACX (1080 is in RMA)
Case: Fractal Design - Define R5 w/Window (Black) ATX Mid Tower Case
Power Supply: EVGA - SuperNOVA P2 750W with CableMod blue/black Pro Series
Optical Drive: LG - WH16NS40 Blu-Ray/DVD/CD Writer 
Operating System: Microsoft - Windows 10 Pro OEM 64-bit and Linux Mint Serena
Keyboard: Logitech - G910 Orion Spectrum RGB Wired Gaming Keyboard
Mouse: Logitech - G502 Wired Optical Mouse
Headphones: Logitech - G430 7.1 Channel  Headset
Speakers: Logitech - Z506 155W 5.1ch Speakers


Just now, ARikozuM said:

Download Kaspersky Rescue Disk. It's an OS that will run without any of your Windows stuff up and running. Run the scan first.

Then boot into safe mode (w/o networking!) and delete those accounts from your PC.

What's the scan do?


Fresh install is the way to go... and set a stronger password.

There is no right or wrong... only popular opinion, political correctness, and government edict.


3 minutes ago, jaslion said:

I'd say start with scanning with malwarebytes. You probably have been infected by something.

I ran it there; I just got a lot of PUPs, nothing too concrete.


Yeah, fresh install, all PWs reset. I've done some newb stuff, but allowing remote viewing in the heat of the moment isn't one of them.

I'm honestly perplexed how one would do this. I've never used it, so I just checked: the interface of the Windows remote viewing app looks nothing like UAC or the prompt for allowing stuff through the internet.

Must have been one hell of a competitive match.

Workstation Laptop: Dell Precision 7540, Xeon E-2276M, 32gb DDR4, Quadro T2000 GPU, 4k display

Wifes Rig: ASRock B550m Riptide, Ryzen 5 5600X, Sapphire Nitro+ RX 6700 XT, 16gb (2x8) 3600mhz V-Color Skywalker RAM, ARESGAME AGS 850w PSU, 1tb WD Black SN750, 500gb Crucial m.2, DIYPC MA01-G case

My Rig: ASRock B450m Pro4, Ryzen 5 3600, ARESGAME River 5 CPU cooler, EVGA RTX 2060 KO, 16gb (2x8) 3600mhz TeamGroup T-Force RAM, ARESGAME AGV750w PSU, 1tb WD Black SN750 NVMe Win 10 boot drive, 3tb Hitachi 7200 RPM HDD, Fractal Design Focus G Mini custom painted.  

NVIDIA GeForce RTX 2060 video card benchmark result - AMD Ryzen 5 3600,ASRock B450M Pro4 (3dmark.com)

Daughter 1 Rig: ASrock B450 Pro4, Ryzen 7 1700 @ 4.2ghz all core 1.4vCore, AMD R9 Fury X w/ Swiftech KOMODO waterblock, Custom Loop 2x240mm + 1x120mm radiators in push/pull 16gb (2x8) Patriot Viper CL14 2666mhz RAM, Corsair HX850 PSU, 250gb Samsun 960 EVO NVMe Win 10 boot drive, 500gb Samsung 840 EVO SSD, 512GB TeamGroup MP30 M.2 SATA III SSD, SuperTalent 512gb SATA III SSD, CoolerMaster HAF XM Case. 

https://www.3dmark.com/3dm/37004594?

Daughter 2 Rig: ASUS B350-PRIME ATX, Ryzen 7 1700, Sapphire Nitro+ R9 Fury Tri-X, 16gb (2x8) 3200mhz V-Color Skywalker, ANTEC Earthwatts 750w PSU, MasterLiquid Lite 120 AIO cooler in Push/Pull config as rear exhaust, 250gb Samsung 850 Evo SSD, Patriot Burst 240gb SSD, Cougar MX330-X Case


1 minute ago, Shally said:

What's the scan do?

Checks everything on the disk before it has a chance to hide.


7 minutes ago, Tristerin said:

Yeah, fresh install, all PWs reset. I've done some newb stuff, but allowing remote viewing in the heat of the moment isn't one of them.

I'm honestly perplexed how one would do this. I've never used it, so I just checked: the interface of the Windows remote viewing app looks nothing like UAC or the prompt for allowing stuff through the internet.

Must have been one hell of a competitive match.

Is a fresh install the same as Windows reset?


8 minutes ago, Shally said:

Is a fresh install the same as Windows reset?

I've never used Windows Reset; I only fresh install when I get myself too deep into the viral portions of the interwebs. I'm not sure if Windows Reset gives a clean set of directories, root access, etc., whereas a fresh install (you need the ISO or recovery media to do this) does.

I only recommend fresh installs and all PWs changed because that's what I would do in this situation.


This is why I never rush B.

AMD Ryzen 5800X | Fractal Design S36 360 AIO w/6 Corsair SP120L fans  |  Asus Crosshair VII WiFi X470  |  G.SKILL TridentZ 4400CL19 2x8GB @ 3800MHz 14-14-14-14-30  |  EVGA 3080 FTW3 Hybrid  |  Samsung 970 EVO M.2 NVMe 500GB - Boot Drive  |  Samsung 850 EVO SSD 1TB - Game Drive  |  Seagate 1TB HDD - Media Drive  |  EVGA 650 G3 PSU | Thermaltake Core P3 Case


17 minutes ago, Shally said:

Is a fresh install the same as Windows reset?

Do note (this is probably very obvious but I am going to say it anyway just in case) the first thing you should do before any of this is you are going to want to disconnect from the internet before you turn your PC back on, thereby preventing the perpetrator from accessing your data or causing further damage.

In search of the future, new tech, and exploring the universe! All under the cover of anonymity!


4 hours ago, Shally said:

I'm thinking of doing a fresh install of Windows, would you agree?

I would do a fresh install, followed by changing all of the passwords to all of your accounts, as well as all of your network credentials (wifi password, admin password for the router, etc.).  This is because (clearly) they were able to get in, and thus know how, and thus a change is necessary to prevent that from immediately happening again, plus the fact that you don't know what other credentials may have been stolen while they were connected.

 

I would then have a thorough look through the router settings to see if anything could be tightened.  No port forwarding, no UPnP, etc.  This is key - never mind that it asked and that you clicked accept when you could/should have clicked deny - it should not have been possible for someone to even make it prompt you in the first place.  By the time that happened your security had already failed.

 

Finally, assuming you don't use remote desktop yourself, I would disable it in Windows.  Never hurts to have an extra little bit of protection, if not against others, at least against yourself :P

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.
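The steps the thread recommends (ARikozuM's "boot into safe mode and delete those accounts" and the last reply's "disable Remote Desktop if you don't use it") plus a look at what actually happened while the attacker was connected, as an added PowerShell example that is not part of the thread and not any forum member's script. It assumes Windows 10 with the built-in LocalAccounts and NetSecurity modules, an elevated prompt, the network cable unplugged, and the account names from the original post (sub, admins, windowsuac) as a starting list. The Security log event IDs it reads are standard Windows auditing IDs: 4720 (user account created), 4732 (member added to a security-enabled local group), and 4624 with logon type 10 (Remote Desktop logon). By default it only reports; it changes nothing unless run with -Remediate.

```powershell
<#
  Added example, not from the thread: triage and contain the situation described above.
  Assumptions: Windows 10, elevated PowerShell, LocalAccounts + NetSecurity modules present.
  Run with the network disconnected. Reports only unless -Remediate is given.
#>
[CmdletBinding()]
param(
    # Account names from the original post; replace with whatever you actually see.
    [string[]]$Suspicious = @('sub', 'admins', 'windowsuac'),
    [int]$Days = 7,
    [switch]$Remediate
)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

Write-Host "== Members of the local Administrators group =="
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

Write-Host "== All local accounts =="
Get-LocalUser |
    Select-Object Name, Enabled, PasswordLastSet, LastLogon | Format-Table -AutoSize

Write-Host "== Is Remote Desktop enabled? =="
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$state = if ($deny -eq 0) { 'ENABLED' } else { 'disabled' }
Write-Host "Remote Desktop is $state"
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Host ("Port 3389 is listening on {0}" -f $_.LocalAddress) }

Write-Host "== Security log, last $Days days: accounts created, group changes, RDP logons =="
$filter = @{ LogName = 'Security'; Id = 4720, 4732, 4624; StartTime = (Get-Date).AddDays(-$Days) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Pull the named EventData fields out of the event's XML
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    switch ($_.Id) {
        4720 { "{0}  ACCOUNT CREATED  {1} (by {2})" -f $_.TimeCreated, $data.TargetUserName, $data.SubjectUserName }
        4732 { "{0}  ADDED TO GROUP   {1} -> {2}"  -f $_.TimeCreated, $data.MemberSid, $data.TargetUserName }
        4624 {
            # Logon type 10 = RemoteInteractive, i.e. a Remote Desktop session
            if ($data.LogonType -eq '10') {
                "{0}  RDP LOGON        {1} from {2}" -f $_.TimeCreated, $data.TargetUserName, $data.IpAddress
            }
        }
    }
}

if (-not $Remediate) {
    Write-Host "`nReport only. Re-run with -Remediate to disable the accounts and Remote Desktop."
    return
}

Write-Host "== Containment =="
foreach ($name in $Suspicious) {
    if (Get-LocalUser -Name $name -ErrorAction SilentlyContinue) {
        # Disable rather than delete, so the account and its profile remain available as evidence
        Remove-LocalGroupMember -Group 'Administrators' -Member $name -ErrorAction SilentlyContinue
        Disable-LocalUser -Name $name
        Write-Host "Disabled local account '$name' and removed it from Administrators"
    }
}
# Turn off Remote Desktop and close the matching firewall rules, as the last reply suggests
Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
Write-Host "Remote Desktop disabled"
```

The 4624 "from" address and the 4720 "by" account are the useful bits: they show whether the accounts were created through the Remote Desktop session itself or by something already running locally, which is what decides whether a reset or a full reinstall from known-good media is the right call. Disabling instead of deleting keeps the evidence until the machine is rebuilt anyway.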

