ANYDESK system breach

Posted 2/10/2021 11:25 PM
#130438

TomJVV Valued member

Date Joined Nov 2016
Total Posts: 19
running WIN10 on Lenovo M93 tower

3 adult users. Nobody can remember downloading any programs, free or otherwise.

Chrome, Edge or IE



A couple days ago we noted unusual activity on our bank. Funds being transferred via Zelle to strangers.

We took care of that.  Then noted hundreds of dollars in Amazon gift cards being emailed to strangers.

We took care of that.

Several other attempted account breaches.



We thought it was something to do with new cell phones, but it wasn't (that's another story).

One user noted the computer running applications on its own. Then, noted instances of AnyDesk app running.

We have no idea where this came from, how it initiated, how they got through the firewall, how it wasn't caught by anti-virus apps etc.



Today, I searched the PC for AnyDesk files; there was only that single .exe. There was an empty AnyDesk folder (users folder?)

I searched in control panel\installed programs. It's not installed, or doesn't show up.

I ran MB in safe mode.  Found no threats.

I checked all browsers for odd add-ons. Negative.  Only one or two familiar items; like adobe.

I located a log app, but couldn't find any useful information.  I located a bunch of "warning" signin entries tho. 



Any advice appreciated.  Thanks in advance.



 
Posted 2/11/2021 9:24 AM
#130443

Andreea-Luciana Ostache Advanced member

Date Joined Nov 2016
Total Posts: 879

Hi Tom and welcome to our forum!

I am sorry to hear about your troubles.

Before digging into your device, let's discuss the banking incident first. If your account data was stolen in a data breach and posted somewhere on the dark web, you and your fellow adults may want to start changing your account passwords to something more secure. Especially bank credentials, or credentials from your normal online shops. The most common bank hijacking attack takes place after someone gives out their details on a phishing page, and since COVID started, this type of attack has been flourishing.

Now for your device, let's see if we find anything suspicious:




  1. Download the Farbar tool from the BleepingComputer forum

  2. You will need to allow it access in all prompts you will get (browser > Keep, your antivirus, your firewall, etc). Make sure you save it in a folder from which you can easily find it.

  3. Check all the boxes of the tool and press the Scan button.  Allow it to finish. It will create three log files, in the same folder in which you have saved the tool. Close the tool afterwards.

  4. Upload all three logs via wetransfer.com. In the upload box on the We Transfer page, click on the circle button with three dots in it and choose "Get Link". Provide the link to me, so I can read your logs.


The logs should not contain any personal information, but you should want to check them and make sure!
Andreea-Luciana Ostache
Support Team Leader
support@bullguard.com
www.bullguard.com
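
The reply above advises checking the scan logs for personal information before uploading them. The following is an added example, not part of the original thread and not code from BullGuard or the scanning tool: a small Python check that lists e-mail addresses, Windows profile names and any extra terms you supply, and can redact them. The sample text, the function names and the file encoding are assumptions made for illustration.

```python
import re
import sys

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# The folder name after <drive>:\Users\ is normally the Windows account name.
PROFILE = re.compile(r'\b[A-Z]:\\Users\\([^\\\s"<>|]+)', re.IGNORECASE)
# Shared folders ("Public", "Default", "All Users") identify nobody.
SHARED = {"public", "default", "all"}

# Constructed sample text, not output copied from any real tool.
SAMPLE = r"""Scan run by jdoe on DESKTOP-TEST
C:\Users\jdoe\Downloads\AnyDesk.exe
C:\Users\Public\Desktop\Example.lnk
Saved login: jane.doe@example.com
"""

def find_personal_data(text, extra_terms=()):
    """Return (line_no, kind, value) for every item worth reviewing."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in EMAIL.finditer(line):
            findings.append((no, "email", m.group()))
        for m in PROFILE.finditer(line):
            if m.group(1).lower() not in SHARED:
                findings.append((no, "profile", m.group(1)))
        for term in extra_terms:  # e.g. family names, computer name
            if term.lower() in line.lower():
                findings.append((no, "term", term))
    return findings

def redact(text, findings):
    """Replace each reported value wherever it appears, longest first."""
    for value in sorted({v for _, _, v in findings}, key=len, reverse=True):
        pattern = r"(?<!\w)" + re.escape(value) + r"(?!\w)"
        text = re.sub(pattern, "<redacted>", text, flags=re.IGNORECASE)
    return text

if __name__ == "__main__":
    # Usage: python check_logs.py <log file> [<log file> ...]
    for path in sys.argv[1:] or [None]:
        if path is None:
            text = SAMPLE
        else:
            # Encoding is an assumption; undecodable bytes are replaced.
            with open(path, encoding="utf-8-sig", errors="replace") as fh:
                text = fh.read()
        for no, kind, value in find_personal_data(text):
            print(f"{path or 'SAMPLE'}:{no}: {kind}: {value}")
```

A clean report only means none of these patterns matched, so the logs still deserve a read-through before the link is shared.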
