Detecting background hijack

  • Question

  • Is it possible for someone to access my system from a remote location and operate in the background without detection? If so, how do I shut them down or know when they are in my system? Going through a divorce and my laptop was accessed (opened and screws glued when replaced) while I was away, by my ex. I noted a lot of activity (directories and files dated while I was away).

    Thursday, July 23, 2015 6:27 AM

Answers

  • Hi thecowboy56,

    Your laptop is compromised. You must assume that the person who had access to your laptop now has access to all the data that was present in the laptop at the time of intrusion.

    It is possible to plant all sorts of malware in a PC - key loggers, phone home apps and so on. I would recommend the following course of action:

    1. Take the physical drive out of the laptop. You may connect your drive to an external USB enclosure and use this disk in another computer.

    2. Take a backup or image of your laptop disk.

    3. Now that you have a backup, you may wipe clean your laptop disk.

    4. Install Windows and all the programs from original media.

    5. Install a good antimalware software.

    6. Take your laptop to a qualified service to be checked that its hardware was not tampered with.

    • Marked as answer by thecowboy56 Monday, July 27, 2015 11:14 PM
    Thursday, July 23, 2015 7:20 AM
  • Hi thecowboy56,

    If you suspect the machine has been injected, we could perform a full scan with the antivirus software in safe mode.

    Usually we will get a log when a new user logs on; we could check the following for anyone using the machine while you were away.
    Event Viewer\Windows Logs\Security
    Check the Event ID "4624".

    Best regards



    • Marked as answer by thecowboy56 Monday, July 27, 2015 11:10 PM
    Friday, July 24, 2015 10:13 AM
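
The Event ID 4624 check described in the reply above can also be run from an elevated PowerShell prompt. This is an added example, not part of the original reply; the date window is a constructed assumption to be replaced with the actual period of absence.

```powershell
# Added example: list person-at-keyboard and remote logons (Event ID 4624)
# recorded in the Security log during an absence window.
# Reading the Security log requires an elevated (administrator) prompt.

# Assumed absence window (constructed dates; replace with your own).
$start = Get-Date '2015-07-10 00:00'
$end   = Get-Date '2015-07-22 23:59'

# Logon types that indicate a console session, an unlock, or a remote desktop session.
# Service, batch and network logons (types 3, 4, 5) are noise for this question.
$typeNames = @{
    2  = 'Interactive (console)'
    7  = 'Unlock'
    10 = 'RemoteInteractive (RDP)'
    11 = 'CachedInteractive'
}

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4624
    StartTime = $start
    EndTime   = $end
} -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Read fields by name from the event XML instead of relying on property order.
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    $type = [int]$data['LogonType']
    if ($typeNames.ContainsKey($type)) {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $typeNames[$type]
            SourceIP  = $data['IpAddress']
        }
    }
} | Sort-Object Time | Format-Table -AutoSize

# The Security log can be cleared; Event ID 1102 records when that happened.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

An empty result does not rule out access: a disk removed and read in another computer generates no logon events, and older entries may have rolled out of the log.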

All replies

  • This sounds like what I am looking for. Let me know what to do.

    thanks again

    kevin

    Monday, July 27, 2015 11:13 PM