
Did I just get hacked? Help?!

Mysterion04

Hi, I hope I'm right here, otherwise please swap it to the right thread. Thanks

So I was just rendering something on my PC, then all of a sudden, my internet explorer opened a site. I think I saw something about Pubg battleground (never played it), maybe the official site, I don't know, and a small window with paypal, where you have to put in your code which you get on your phone to log in. At the same time my phone got 2 messages with 2 different codes to log in to paypal.

So I immediately closed the paypal window and the browser and shut down the PC. It was kind of a struggle, cause it felt like someone was steering my PC, kinda like with teamviewer or something. But I don't have any of those programs installed! So like I said I shut down my PC and my phone for like 30 minutes. I didn't have the "hacker attack" since then, but what was this shit? And what do I have to do now? Should I make a new clean Windows 11? And make a new fresh installation on my phone too? Or do I have to change my passwords on google/gmail, paypal etc.. whatever? Or both?
Can someone help me or give me tips? And tell me what that was

 

Thank you


Change passwords NOW. If your bank details are on paypal, get a new card. Reinstall Windows on your PC. Do not attempt to recover the install, you could end up far worse. Just reinstall Windows, change all your passwords. Don't log into an account without changing its password.

My Personal PC 'Apex' https://uk.pcpartpicker.com/user/LiamBetts123/saved/3rTNnQ

Intel Core i9 9900k, ASUS Z390-A, RTX 2080TI, Meshify C, HX 850i, 32GB Gskill Trident Z RGB @ 3200MHZ, 500GB NVME, 500GB SSD & 2 x 4TB Baracudas 

 
 
 
 
 
 
 
 
 
 
 
 
 

I am kind of paranoid when it comes to security so, yes I would do all the measures you mentioned and then some more. I would run the computer offline to back up important data and then nuke all the drives. Feel free to do less at your own risk 🙂

As for what happened, it is hard to say without knowing your whole setup and your habits. It could be an e-mail you received that installed malware to act as a pseudo teamviewer. It may also be an attack from the internet if your router isn't secure enough or if your ISP isn't secure enough.

Hope that helps.


1 hour ago, Mysterion04 said:

Hi, I hope I'm right here, otherwise please swap it to the right thread. Thanks

So I was just rendering something on my PC, then all of a sudden, my internet explorer opened a site. I think I saw something about Pubg battleground (never played it), maybe the official site, I don't know, and a small window with paypal, where you have to put in your code which you get on your phone to log in. At the same time my phone got 2 messages with 2 different codes to log in to paypal.

So I immediately closed the paypal window and the browser and shut down the PC. It was kind of a struggle, cause it felt like someone was steering my PC, kinda like with teamviewer or something. But I don't have any of those programs installed! So like I said I shut down my PC and my phone for like 30 minutes. I didn't have the "hacker attack" since then, but what was this shit? And what do I have to do now? Should I make a new clean Windows 11? And make a new fresh installation on my phone too? Or do I have to change my passwords on google/gmail, paypal etc.. whatever? Or both?
Can someone help me or give me tips? And tell me what that was

 

Thank you

I've seen remote access trojans stored in AppData several times that establish a TCP connection to a remote server. I'd usually find them using Resource Monitor. It won't be an installed application but simply a .exe operating in the background. They'll usually just sit and wait for useful information to steal but sometimes move the mouse to make sure it's still connected if you're idle too long.

 

I'd usually find them in C:\users\username\appdata\roaming or local\apps, then nested down a dozen folders. It would try to disguise as a Microsoft Store Application in terms of file structure.

 

If that's stuff you're not familiar with, simply do an offline Reset this PC. Offline so the malicious actor doesn't try to stop it. 

Ryzen 7950x3D Direct Die NH-D15

RTX 4090 @133%/+230/+500

Builder/Enthusiast/Overclocker since 2012  //  Professional since 2017
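
A read-only triage sketch of the check described in the post above (a background .exe under AppData holding a TCP connection to a remote server), added here as an example and not written by any poster in this thread. It assumes Windows PowerShell with the built-in `Get-NetTCPConnection` and `Get-AuthenticodeSignature` cmdlets; the path pattern and the output field names are choices made for this example.

```powershell
# Added example: a triage aid, not a malware verdict. It changes nothing on disk.
# Lists processes that hold an established TCP connection to a non-loopback
# address and whose executable lives under any user's AppData folder.
# Run from an elevated PowerShell so process paths can be resolved.

# Assumed pattern for per-user AppData locations (Roaming, Local, LocalLow).
$appDataPattern = '\\Users\\[^\\]+\\AppData\\(Roaming|Local|LocalLow)\\'

$findings = foreach ($conn in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
    # The post is about connections to a remote server, so skip loopback.
    if ($conn.RemoteAddress -in '127.0.0.1', '::1') { continue }

    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    if (-not $proc -or -not $proc.Path) { continue }   # exited, or access denied

    $path = $proc.Path
    if ($path -notmatch $appDataPattern) { continue }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $file = Get-Item -LiteralPath $path

    [pscustomobject]@{
        ProcessId = $proc.Id
        Process   = $proc.ProcessName
        Remote    = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Created   = $file.CreationTime
        Path      = $path
    }
}

# Binaries without a valid signature sort first; signed per-user apps follow.
$findings |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Path |
    Format-List
```

Many legitimate programs install per user under AppData, so a hit is a lead to look at (signer, creation time, folder depth), and an empty result does not show the machine is clean.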


6 hours ago, Sawa Takahashi said:

I am kind of paranoid when it comes to security so, yes I would do all the measures you mentioned and then some more. I would run the computer offline to back up important data and then nuke all the drives. Feel free to do less at your own risk 🙂

As for what happened, it is hard to say without knowing your whole setup and your habits. It could be an e-mail you received that installed malware to act as a pseudo teamviewer. It may also be an attack from the internet if your router isn't secure enough or if your ISP isn't secure enough.

Hope that helps.

here's a hint, call it life hack, etc: if you have a virus and "back it up" .... then you still have the virus!

 

"backing up" anything while you know or suspect to have a virus/etc is *exactly* what you shouldn't do lmao.

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


7 hours ago, Mysterion04 said:

Can someone help me or give me tips

before you do anything else run malwarebytes (free trial), FULL scan including rootkit on ALL drives


15 minutes ago, Mark Kaine said:

before you do anything else run malwarebytes (free trial), FULL scan including rootkit on ALL drives

7 hours ago, da na said:

That doesn't just happen out of nowhere, you had to have had something on your PC prior to this. Scan for malware, browser hijackers, et cetera with the Malwarebytes free trial.

I'm just gonna add :

Disconnect from the internet before doing this or doing anything that isn't a complete format & reinstall of Windows.

Although OP, if you don't care about anything at all on your PC,

just purge them all. Heck, I would doubt the safety of things stored even on a non-C: partition in a case like yours.

 

19 minutes ago, Mark Kaine said:

"backing up" anything while you know or suspect to have a virus/etc is *exactly* what you shouldn't do lmao.

I agree

There are ways to make it more secure, but yeah.... I honestly doubt OP will be able to do it well.

There is approximately 99% chance I edited my post

Refresh before you reply

__________________________________________

ENGLISH IS NOT MY NATIVE LANGUAGE, NOT EVEN 2ND LANGUAGE. PLEASE FORGIVE ME FOR ANY CONFUSION AND/OR MISUNDERSTANDING THAT MAY HAPPEN BECAUSE OF IT.


4 minutes ago, Poinkachu said:

I'm just gonna add :

Disconnect from the internet before doing this.

Although OP, if you don't care about anything at all on your PC,

just purge them all. Heck, I would doubt the safety of things stored even on a non-C: partition in a case like yours.

well yes and no... problem is malwarebytes needs to download av definitions to function...

so at that point you just have to hope there aren't any shenanigans going on. 

 

basically even if mwb comes clean, that doesn't mean anything,  lack of evidence is no evidence. you just gotta hope it actually finds something lol. ¯\_(ツ)_/¯ 


3 minutes ago, Mark Kaine said:

well yes and no... problem is malwarebytes needs to download av definitions to function...

so at that point you just have to hope there aren't any shenanigans going on. 

 

basically even if mwb comes clean, that doesn't mean anything,  lack of evidence is no evidence. you just gotta hope it actually finds something lol. ¯\_(ツ)_/¯ 

Ah right. Forgot that today's MWB needs an internet connection to install. That's what I hate about installers nowadays.....

 

IMO though, he should just nuke every darn thing since it sounds very severe already.


17 hours ago, Mark Kaine said:

here's a hint, call it life hack, etc: if you have a virus and "back it up" .... then you still have the virus!

I hope you read the part about staying offline while doing the backup.

And once you've got a running computer, you can then properly scan your backups for viruses and malware (this can still be done offline).

As fun as it is to nuke drives without backing up data, users often request to keep at least some of that data. So, you need to consider a way to extract data as safely as possible.
