ANYDESK system breach

running WIN10 on Lenovo M93 tower

3 adult users. Nobody can remember downloading any progams, free or otherwise.

Chrome, Edge or IE



A couple days ago we noted unusual activity on our bank.  Funds being tranfered via Zelle to strangers.

We took care of that.  Then noted hundreds of dollars in Amazon gift cards being emailed to strangers.

We took care of that.

Several other attempted account breaches.



We thought it was something to do with new cell phones, but it wasn't (that's another story).

One user noted the computer running applications on it's own.  Then, noted instances of anydesk app running.

We have no idea where this came from, how it initiated, how they got thru the fire wall, how it wasn't caught by anti-virus apps etc.



Today, I searched the PC for anydisk files; There was only that single .exe.  There was an empty anydisk folder (users folder?)

I searched in control panel\installed programs. it's not installed, or doesn't show up. 

I ran MB in safe mode.  Found no threats.

I checked all browsers for odd add-ons. Negative.  Only one or two familiar items; like adobe.

I located a log app, but couldn't find any useful information.  I located a bunch of "warning" signin entries tho. 



Any advice appreciated.  Thanks in advance.



 

Hi Tom and welcome to our forum!

I am sorry to hear about your troubles.

Before digging into your device, let's discuss the banking incident first. If your account data was stolen in a data breach and posted somewhere on the dark web, you and your fellow adults may want to start changing your account passwords with something more secure. Especially bank credentials, or credentials from your normal online shops. The most common bank hijacking attack takes place after someone gives out their details on a phishing page and since COVID started, this type of attack has been flourishing.

Now for your device, let's see if we find anything suspicious:

1. Download the Farbar tool from the BleepingComputer forum


2. You will need to allow it access in all prompts you will get (browser > Keep, your antivirus, your firewall, etc). Make sure you save it in a folder from which you can easily find it.


3. Check all the boxes of the tool and press the Scan button.  Allow it to finish. It will create three log files, in the same folder in which you have saved the tool. Close the tool afterwards.


4. Upload all three logs via wetransfer.com. In the upload box on the We Transfer page, click on the circle button with three dots in it and choose "Get Link". Provide the link to me, so I can read your logs.

The logs should not contain any personal information, but you should want to check them and make sure!