Yesterday I accidentally downloaded and ran a .exe file that installed the desired program(ESL Wire) among other things. The download was part of a Steam Trading scam that I was unaware of that involved me downloading an "anticheat" to join this guy's esea game so I could play as a ringer. I have run several antivirus scans in Malwarebytes which deleted some registry entries but none of the files i am suspicious of were deleted. This is because the files I'm suspicious of are from a legitimate company, Netsupport Ltd. I found this out by tracing a suspicious process named "clock.exe" that led me to a nearly empty folder called "Schema". The only file there was a .txt file that was a log of my keystrokes, mainly my Steam password. Because the folder was hidden, I went into the folder settings and had it unhidden which revealed the "clock.exe" app among several .dll and .ini files, all of which belonged to NetSupport. I'm not entirely sure how he got into my computer using only Netsupport but I think that Netsupport was downloaded in the background during the installation of ESL Wire, as the timestamps of some files match up to the ESL wire installation timestamps. I don't know what I'm missing and I don't really care right now about what happens to my steam items, I just want to make sure that this can't happen again on my computer.
Also, I'm running Windows 7 Home Premium SP1 64-bit and I forgot to include that I found a few loose files in my AppData folder that were suspicious as well. There was a text file with just my IP and a "clocker.exe" whose description is "Into darkness" and a copyright of "Forever alone insider". There is also an "insider.exe" and a text document with my google chrome's remembered passwords. In any file's security/permissions tab, there is an "unknown user" listed which makes me believe that he somehow used only netsupport to hijack my computer. Is that even possible?
Edited by rileyj223, 07 June 2015 - 02:25 PM.