Troubleshooting Unauthorized Remote Access: A Personal Account
In the realm of IT support, encountering unusual issues is not uncommon. However, some experiences can truly test our expertise and understanding. Recently, I faced a perplexing situation that left me both concerned and intrigued – unauthorized remote access to my system.
The Incident
One fateful day, I discovered that someone had remotely taken control of my computer, specifically gaining access through Firefox. The activities were unsettling:
- A new tab was opened in Firefox, which was already running.
- The individual initiated a search for Google, albeit with a misspelling.
- Finally, they searched for a specific name related to a cryptocurrency game.
Realizing the severity of the situation, I immediately took action by disconnecting my network cable. My subsequent steps included:
- Disabling remote access to my PC.
- Removing AnyDesk, which I previously used for work-related purposes.
- Conducting thorough scans with Malwarebytes and its rootkit scanner, both of which returned no results.
- Adjusting my local security policy to prevent network connections.
- Uninstalling recently added software, including ClipClip and Winamp.
Despite ensuring that my Windows operating system was up to date and that I was using Windows Defender for antivirus protection, I couldn’t shake off the unease.
Seeking Answers
This situation left me with two pressing questions: How did this happen? And why would someone search for that particular game? While determining how the breach occurred remains a mystery, the motivations behind the search intrigue me. I contemplated what would compel someone to look for a cryptocurrency game through my computer.
Given the circumstances, I decided that the safest course of action would be to reinstall Windows 10 entirely.
Community Insights and Updates
In the following days, I continued my investigation and sought guidance from online communities. As expected, no definitive cause was found. It seemed plausible that the issue stemmed from a browser extension, AnyDesk, or possibly more sinister malware. I appreciated the support I received during this troubling time and took additional precautions by limiting my browser extensions to just a few essential ones: LastPass, uBlock Origin, and DarkReader.
Also, as a safety measure, I began shutting down my PC when not in use and locking it whenever I left the room. I temporarily removed AnyDesk from my system but planned to reintroduce it cautiously, allowing outbound connections while blocking inbound access.
A Reoccurrence
One week later