Hello,
[Sorry if I posted this in the wrong section!]
I usually do not register on forums and solve most if not all issues by myself with Google searching or forum lurking.
I find myself to be in a mess and I really don't know where to turn to.
It seems that, after executing a certain exe which instantly installed some sort of remote assistance tool(?), I am being remotely "assisted". It had something to do with a VPN sort of tool - SoftEther VPN, it was called.
At any rate, I think at that time I also had a laptop on (from which I am now writing) connected to the same network as my desktop (the infected one) through WLAN. Would it be possible that my laptop was also infected in the process?
As countermeasures I've reinstalled my desktop and also reset my IP (I have the sort of internet provider that gives you another IP if you unpower and repower the router) but to my surprise, after I got on the new Windows, suspicious activity was still recorded. Things like: I did not have permission to move a certain file on C, or "remote desktop connection" was seen in the start menu after a couple of minutes (as far as I know, this is no default option upon Windows reinstall).
So having a persistent visitor even after a format does upset me a bit. As far as my limited computer knowledge helps, they can track you either through IP, or MAC address of the hard drive. In this case - if, let's say, I would get another HDD and renew my IP address with the trick I mentioned earlier (on-off router, new IP) and a fresh Windows install, would that prevent further unwanted visits? What about changing my actual MAC address and keeping my HDD, any suggestions?
To be honest, I really don't know how to tackle this issue, as this is my first real confrontation with such an attack. What would you guys recommend I should do?
Edited by hamluis, 10 November 2016 - 05:53 PM.
Moved from Win 7 to Am I Infected - Hamluis.