IT Support Technician Overwhelmed by Unrecognized Remote Access to My System

Experiencing Unauthorized Remote Access? Here’s What You Need to Know

As an IT support professional, encountering a situation where your system may have been compromised can be alarming and perplexing. Recently, I faced a troubling incident where I discovered unauthorized remote access to my computer, specifically through Firefox. Here’s what transpired, the actions I took, and some insights into addressing such issues.

The Incident

While working on my computer, I observed some unsettling activity in which someone appeared to be remotely controlling Firefox. Here’s a brief overview of their actions:

  • An existing Firefox tab was utilized.
  • The perpetrator attempted to search for Google in the address bar, making an initial spelling error.
  • A specific cryptocurrency game’s name was searched.

Realizing the severity of the situation, I quickly disconnected my network cable and proceeded to implement a series of security measures:

Actions Taken

  1. Disabled remote access to my PC.
  2. Uninstalled AnyDesk, which I had been using for work purposes.
  3. Conducted scans using Malwarebytes and the Malwarebytes Rootkit Scanner, which returned no results.
  4. Adjusted the local security policy to prevent any network connections.
  5. Removed recent installations of ClipClip and Winamp.

Despite my Windows installation being fully up to date and using Windows Defender as my antivirus software, I knew I needed to take further precautions.

Key Questions

This incident left me with critical questions. How did this happen? Identifying the exact method of access is challenging. But more importantly, why would anyone want to search for that specific game? The motivations remain a mystery.

To further enhance my security, I decided to re-install Windows 10 while seeking to understand potential vulnerabilities better.

An Update on My Findings

Since posting, I’ve continued investigating potential causes and may have pinpointed a few areas of concern. It’s possible that an extension, remnants of AnyDesk, or a more severe flaw could be at play. I sincerely appreciate all the advice I received from fellow community members.

To mitigate risks further, I’ve taken the following steps:

  • Removed all browser extensions except for LastPass, uBlock, and Dark Reader.
  • Established a routine of shutting down my PC when not in use and locking it every time I step away.
  • Temporarily uninstalled AnyDesk while contemplating its controlled return for outbound connections, blocking inbound access.

A Disconcerting Follow-Up

However, a week later, I encountered similar
