As an IT support professional, I’m baffled by an unexplained remote connection to my system

Addressing Unexpected Remote Access to Your Computer: My Experience with a Mysterious Intrusion

As someone who works in IT support, encountering technical issues is a part of my day-to-day routine. However, I recently faced a perplexing situation that has left me bewildered and seeking answers. Here’s my account of what transpired and the steps I’ve taken in response.

The Incident: Remote Control Over Firefox

One evening, I noticed that my computer was acting strangely. Specifically, I observed unknown remote access activity, particularly involving Firefox. Here’s a brief rundown of what I witnessed:

  • A new Firefox tab was opened while the browser was already running.
  • The intruder executed a search for Google, albeit with a misspelling.
  • Following that, they searched for a specific cryptocurrency game.

In a panic, I swiftly pulled my network cable to stop any further actions and proceeded to make a series of security adjustments:

  • Disabled the remote access feature on my computer.
  • Uninstalled AnyDesk, which I use for professional purposes.
  • Conducted malware scans using both Malwarebytes and the Malwarebytes rootkit scanner, yielding no results.
  • Adjusted my local security policy to restrict network connections.
  • Removed any recently installed software, including ClipClip and Winamp.

It’s worth noting that my Windows operating system was completely updated, and I rely on Windows Defender for antivirus protection.

Questions Arising: How and Why?

Reflecting on this incident, I’m left with two burning questions—how did this happen, and why would someone search for that particular game? While the “how” may be challenging to decipher, the “why” intrigues me even more.

Moving forward, I’ve decided to reinstall Windows 10 as a precaution. However, I am keen to gain deeper insights into what occurred.

Updates and Steps Taken

To ensure my system’s integrity, I’ve taken a few additional steps:

  • I eliminated all browser extensions except for LastPass, uBlock, and Dark Reader.
  • I’ve adopted a more vigilant approach by shutting down my computer when not in use and locking it every time I step away.

Although I removed AnyDesk for now, I am considering reinstating it for outbound connections while blocking all inbound access. Should this issue resurface, I know I can seek further assistance.

A Week Later: The Issue Persists

In a surprising turn of events, I experienced another instance of this unauthorized access within a week, despite implementing these
