Navigating Unexplained Remote Access: A Personal Experience in IT Support
As an IT support professional, I pride myself on troubleshooting a wide range of technical issues. However, a recent encounter has left me perplexed and in need of community insights. I experienced an alarming incident involving unauthorized remote control of my computer, specifically through the Firefox browser. Let me share the details and my subsequent efforts to secure my system.
The Unsettling Incident
To paint the picture, I noticed some unusual activity on my device while Firefox was open. Here’s what transpired:
- An unidentified source opened a new tab within Firefox.
- They attempted to search for “Google,” albeit with a misspelling.
- Next, they searched for a specific name related to a cryptocurrency game before I intervened.
At this point, I realized that immediate action was necessary. Without wasting any time, I pulled my network cable and executed a series of protective measures, including:
- Disabling remote access settings on my PC.
- Uninstalling Anydesk, which I had been using for work purposes.
- Running scans with Malwarebytes and the Rootkit scanner (resulting in no detections).
- Modifying local security policies to restrict network connections.
- Removing recently installed software, including ClipClip and Winamp.
I verified that Windows was up-to-date, and I was relying on Windows Defender for antivirus protection.
A Two-Pronged Inquiry: How and Why?
As I delve deeper into this strange occurrence, two pressing questions remain: “How did this happen?” and “Why did they choose to search for that particular game?” While the “how” seems nearly impossible to trace, the “why” weighs heavily on my mind. What purpose did this intruder have in searching for a cryptocurrency game?
In light of these unsettling findings, I’ve decided to re-install Windows 10 to start with a clean slate. Yet, my curiosity drives me to learn more about this breach.
The Investigation Continues
After reflecting on my experience and the guidance received from online communities, I made a few additional changes. I’ve removed all browser extensions except for LastPass, uBlock, and Dark Reader. Moving forward, I’m committed to shutting down my computer when not in use and locking it whenever I leave the room. Though I’ve temporarily uninstalled Anydesk, I might consider reinstating it for outbound connections while blocking inbound access.
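One way to script the containment and hardening steps described above (disabling remote access settings, restricting inbound connections, and keeping AnyDesk usable for outbound sessions only) together with the checks a responder would want to run alongside them. This is an added example, not the author's own commands. It assumes an elevated PowerShell prompt on Windows 10, AnyDesk's default install path, and the default location of the AnyDesk service trace file; adjust those paths if your system differs.

```powershell
# Added example (not the author's commands): contain a suspected remote-control
# session on a Windows 10 host and record what was listening before rebuilding.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# Assumed locations: AnyDesk's default install path and service trace file.
$AnyDeskExe   = 'C:\Program Files (x86)\AnyDesk\AnyDesk.exe'
$AnyDeskTrace = Join-Path $env:ProgramData 'AnyDesk\ad_svc.trace'

# 1. Switch off the built-in remote-control surfaces: RDP and Remote Assistance.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 1
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' `
    -Name fAllowToGetHelp -Value 0
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'    -ErrorAction SilentlyContinue
Disable-NetFirewallRule -DisplayGroup 'Remote Assistance' -ErrorAction SilentlyContinue

# 2. AnyDesk: allow outbound sessions, block inbound ones at the host firewall.
#    A Block rule takes precedence over any Allow rule the installer created.
#    Caveat: this only stops direct (LAN) connections to the AnyDesk listener;
#    sessions brokered through AnyDesk's relay arrive over the client's own
#    outbound connection, so interactive/unattended access must also be turned
#    off in AnyDesk's security settings.
if (Test-Path $AnyDeskExe) {
    New-NetFirewallRule -DisplayName 'AnyDesk - block inbound' -Direction Inbound `
        -Program $AnyDeskExe -Action Block -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName 'AnyDesk - allow outbound' -Direction Outbound `
        -Program $AnyDeskExe -Action Allow -Profile Any | Out-Null
}

# 3. Inventory everything listening for inbound TCP connections, with the
#    owning process and its image path, so an unexpected remote-control
#    service stands out. Capture this before reinstalling Windows.
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '?' }
            Path    = if ($proc) { $proc.Path }        else { '' }
        }
    } | Format-Table -AutoSize

# 4. Recent RDP-style logons from the Security log. In event 4624,
#    Properties[8] is LogonType (10 = RemoteInteractive) and
#    Properties[18] is the source address.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
    -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |
    Select-Object TimeCreated,
        @{ n = 'User';   e = { $_.Properties[5].Value } },
        @{ n = 'Source'; e = { $_.Properties[18].Value } } |
    Format-Table -AutoSize

# 5. AnyDesk sessions are not Windows logons; they are recorded in AnyDesk's own
#    trace file (assumed path above). The last accepted sessions are the lead
#    for the "how" question.
if (Test-Path $AnyDeskTrace) {
    Select-String -Path $AnyDeskTrace -Pattern 'session|accept' | Select-Object -Last 40
}
```

Two points worth keeping in mind when using this. First, a clean Malwarebytes or rootkit scan does not rule out the simplest explanation for a session like the one described: a legitimate remote-access tool that someone else knew the ID and password for is not malware and will not be flagged, which is why the listening-port inventory and the tool's own session log matter more than the scanner verdict. Second, run steps 3 to 5 before the reinstall, since a fresh Windows 10 image destroys exactly the evidence that answers "how".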
A Recent Development
A week later, I encountered another