Intruder on PC?

robert hesner
I have a Win10 PC that was hacked. We had it cleaned and all the Malwarebytes and Norton scans show clean, but we are having strange things like programs being stopped (Malwarebytes, Norton, and System Mechanic), Outlook rules being set up to reroute the inbox to RSS feeds, etc. Is there any way I can tell if there is something that is letting someone obtain unauthorized access to the PC?

Managed IT Services, Cyber Security, Backup
Commented:
I have a win10 pc that was hacked, we had it cleaned and all the malwarebytes and norton scans show clean
When you say "cleaned", what exactly did you do? Just run scans, or rebuild? Have you identified the threat? If not, it may have never been cleaned. When I come across a hacked computer I remove it from the network, remove the data, scan the data, and completely rebuild the operating system from the bottom up. If I have a spare drive I use this. Once the data is scanned and found clean I move this back.

...we are having strange things like, programs being stopped (malwarebytes, norton, and system mechanic) outlook rules being setup to reroute the inbox to RSS feeds, etc.
Programs stopping should be somewhat easy to trace with the log files. Have you checked the application logs? Outlook setting up RSS feeds is concerning. Can you shed more light on this? Did you create a new Outlook profile for the user, or run virus scans and, after they came back clean, open Outlook again? See above about rebuilding the system.

Is there any way I can tell if there is something that is letting someone obtain unauthorized access to the pc?
Any additional programs running or installed? Run netstat commands to identify what ports are active and what .exe is listening on them. Have the output saved in log format.
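
One way to carry out the netstat suggestion above on Windows 10, as an added PowerShell example that is not part of the original thread. It records TCP listeners and established connections with the owning executable and saves them to a CSV log; the log location and column names are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt so
# that executable paths of processes owned by other accounts can be resolved.
# Roughly the same data as `netstat -abno`, but in a form that can be logged and diffed.

# Assumed log location: a timestamped CSV in the current user's profile.
$logPath = Join-Path $env:USERPROFILE ("netconn_{0:yyyyMMdd_HHmmss}.csv" -f (Get-Date))

$sigCache = @{}   # executable path -> signature status, so each file is checked once

$rows = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }

        # Signature status of the owning executable ('Unknown' when no path is available,
        # which is normal for the System and Idle processes).
        $sig = 'Unknown'
        if ($path) {
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
            }
            $sig = $sigCache[$path]
        }

        [pscustomobject]@{
            Captured      = (Get-Date).ToString('s')
            State         = $conn.State.ToString()
            LocalAddress  = $conn.LocalAddress
            LocalPort     = $conn.LocalPort
            RemoteAddress = $conn.RemoteAddress
            RemotePort    = $conn.RemotePort
            ProcessId     = $conn.OwningProcess
            ProcessName   = if ($proc) { $proc.ProcessName } else { '' }
            Executable    = $path
            Signature     = $sig
        }
    }

# Save the full snapshot as the log.
$rows | Sort-Object State, LocalPort | Export-Csv -Path $logPath -NoTypeInformation -Encoding UTF8

# Rows to review first: executables that are unsigned or whose signature did not validate.
$rows | Where-Object { $_.Executable -and $_.Signature -ne 'Valid' } |
    Format-Table State, LocalPort, RemoteAddress, ProcessName, Executable, Signature -AutoSize

Write-Host "Snapshot written to $logPath"
```

Taking a snapshot at intervals and comparing the CSV files shows listeners or remote endpoints that appear between runs.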
Kesavan Jeganarayanan, IT Consultant

Commented:
The Office 365 account might have been compromised.
When an account is compromised, the RSS Feed folder is a common location, as people rarely think to look in that folder when trying to find out where their messages are.

Please refer to these links:

https://docs.microsoft.com/en-us/office365/troubleshoot/security/determine-account-is-compromised
https://blogs.technet.microsoft.com/office365security/how-to-fix-a-compromised-hacked-microsoft-office-365-account/
WORKS2011, Managed IT Services, Cyber Security, Backup

Commented:
For anything regarding Office 365, change the password immediately. Also confirm an additional admin user wasn't created in the Office 365 portal.
John Tsioumpris, Software & Systems Engineer

Commented:
If you got "hacked"... there is always a good chance that the "hacker" has some good "code" that is probably invisible to most security measures.
If this is the case, don't hesitate... just clean format your system and you will be good to go.
Getting "hacked" is a bit hard... you must be a somewhat high-profile individual... probably you got a virus/malware that installed a backdoor for remote control.
Lee W, MVP, Technology and Business Process Advisor
Most Valuable Expert 2013

Commented:
Malicious people are always trying to find ways around protection software. For the protection software to be effective, they have to be 100% certain they are stopping the bad guys, and there's just no way to do that. If you're not 99.9% certain the machine is clean, then wipe it and reload it. If you're REALLY paranoid, replace it.

THEN change all your passwords.
