System administration
AndreyKlimentiev69, 2021-03-26 19:26:29

Remote substitution of system files, what to do?

Hello everyone, I'm just learning to be a system administrator, but have already faced a problem in the family: competitors first hacked the mail (Yandex), and later established a remote connection to the PC.
It seems that all connections were banned through the Windows system services, so now they send files under the guise of Windows updates, and the computer gives constant errors and reports file substitution and problems with libraries, hives and the file system. The Remote Procedure Call service, as I understand it, cannot be disabled. Where else could there be a loophole? There is already a ban on updates, background activity and remote control of Windows, but an unknown game still gets loaded, and there are constant requests from remote servers. Should I hide the PC name and change it along with the IP?


4 answer(s)
Dmitry, 2021-03-26
@q2digger

Remember the rule - a compromised computer should not be cleaned. If you want to understand the details - take a copy of the disk, then do a complete wipe and install again. Plus other measures to prevent a repeat of the story - complex passwords, anti-virus protection, a firewall, etc.

Sergey Karbivnichy, 2021-03-26
@hottabxp

"and already faced with a problem in the family:"
There are no family issues here.
"competitors first hacked mail (Yandex)"
Set a password a little more complex than 12345, for example at least 1234567, but preferably more complex. Link your phone.
And if this is a real question, and not the nonsense of a madman, then the only way to hack the mail and the PC is physical access to the PC (or you installed a dodgy build of Windows that you got from "these competitors").
The only solution is to reinstall Windows from the original image.

CityCat4, 2021-03-28
@CityCat4

"what to do?"

As a child, I really liked to give one answer to this question :)
Let's start with the fact that there are no competitors in the family :) First of all. To hack the current mail, you must first infect the computer on which this mail is used - it probably all started with someone somewhere clicking on a link while working with admin rights and the password 123456 ...
In this case, I would completely format the disk and install Windows again from the official distribution (and not from an "assembly from Vasyan").
