Does anyone have a good checklist or list of things to look for after a remote actor got access to a Win10 system?
I would consider this a grey hacking incident. A relative tried to fix their printer. Somehow got directed to a company, let's call them VZone Solution (VZone from here on). Seems reputable: website, DNS, phone numbers, social media etc. Sort of checks out, minus the phone number being registered to a Chinese company and the company having a bunch of main locations, including Delhi, Vancouver, Washington etc.
Anyway, they actually fixed my pop's computer… with remote access. They installed new drivers for the printer and charged his credit card 350 bucks. I gave them a call. They answered; when I told him his actions were predatory, the guy offered a refund if we waited 5 days.
Of course the credit cards are going to be canceled and changed. I took off work to head over to their house to do a post-mortem today. I plan on doing the normal checks – check firewall, Windows Defender, Malwarebytes, suspicious programs.
I was wondering if there were any other things I should look for?
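As an added example (not part of the original post, and not a script from any vendor named in it), here is a read-only PowerShell triage pass that covers the checks the post lists (firewall, Defender, suspicious programs) plus the persistence and access points a remote "support" session typically touches: remote-access tools left installed, autoruns, scheduled tasks, non-Windows services, local accounts and the Administrators group, RDP state, Defender exclusions, inbound firewall rules, the relevant Security/System events, and current network connections. Assumptions, labelled in the code: the session happened within the last 7 days, the remote-tool name list is a starting point and not exhaustive, and the report path on the Desktop is arbitrary. Run it from an elevated PowerShell prompt on the affected machine; it collects and writes a transcript, it changes nothing.

```powershell
# Added example (not from the original post): read-only triage of a Windows 10 host after a
# third party had remote access. Run from an elevated PowerShell prompt. Nothing here removes
# or changes anything; it writes a transcript you can read through afterwards.
# Assumptions: the session was within the last $LookbackDays days; the tool-name regex is a
# starting list, not a complete one; the report path is arbitrary.

$LookbackDays = 7
$Since  = (Get-Date).AddDays(-$LookbackDays)
$Report = Join-Path $env:USERPROFILE "Desktop\triage-$(Get-Date -Format yyyyMMdd-HHmm).txt"
# Common remote-support products (assumed list) used only to flag installed software
$RemoteToolPattern = 'TeamViewer|AnyDesk|LogMeIn|Splashtop|UltraViewer|ScreenConnect|ConnectWise|GoToAssist|Supremo|RustDesk|Zoho Assist|AeroAdmin|RemotePC'

function Parse-InstallDate([string]$Raw) {
    # Uninstall keys store InstallDate as yyyyMMdd when they store it at all
    $d = [datetime]::MinValue
    if ([datetime]::TryParseExact($Raw, 'yyyyMMdd', $null,
            [System.Globalization.DateTimeStyles]::None, [ref]$d)) { return $d }
    return $null
}

Start-Transcript -Path $Report | Out-Null

"=== 1. Installed programs: remote-access tools, or installed in the last $LookbackDays days ==="
$UninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object { $d = Parse-InstallDate $_.InstallDate
                   ($_.DisplayName -match $RemoteToolPattern) -or ($d -and $d -ge $Since) } |
    Select-Object DisplayName, InstallDate, Publisher, InstallLocation | Format-Table -AutoSize

"=== 2. Autorun entries (Run/RunOnce keys and Startup folders) ==="
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $RunKeys) {
    $props = Get-ItemProperty $k -ErrorAction SilentlyContinue
    if ($props) { $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } |
        ForEach-Object { "{0,-5} {1} = {2}" -f $k.Split(':')[0], $_.Name, $_.Value } }
}
Get-ChildItem "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
              "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp" -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime

"=== 3. Scheduled tasks outside the \Microsoft\ tree ==="
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskName, TaskPath, Author, Date, State,
        @{n='Execute'; e={ ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' }} |
    Format-Table -AutoSize -Wrap

"=== 4. Services whose binary lives outside \Windows\ ==="
Get-CimInstance Win32_Service | Where-Object { $_.PathName -notlike '*\Windows\*' } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize -Wrap

"=== 5. Local accounts, Administrators group, RDP state ==="
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet | Format-Table -AutoSize
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
"Remote Desktop allowed: " + ($ts.fDenyTSConnections -eq 0)

"=== 6. Defender status and exclusions (a 'technician' may have added some) ==="
Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled, AntivirusEnabled, AntivirusSignatureLastUpdated | Format-List
Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess, ExclusionExtension, DisableRealtimeMonitoring | Format-List

"=== 7. Enabled inbound allow rules not belonging to a built-in rule group ==="
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow -ErrorAction SilentlyContinue |
    Where-Object { -not $_.DisplayGroup } | Select-Object DisplayName, Profile, Description | Format-Table -AutoSize

"=== 8. Events since $Since : new service (7045), user created (4720), added to group (4732), task created (4698), network/RDP logons (4624) ==="
$Filters = @(
    @{LogName='System';   Id=7045;            StartTime=$Since},
    @{LogName='Security'; Id=4720,4732,4698;  StartTime=$Since},
    @{LogName='Security'; Id=4624;            StartTime=$Since}
)
foreach ($f in $Filters) {
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        $type = ($data | Where-Object Name -eq 'LogonType').'#text'
        # For 4624 keep only network (3) and RDP (10) logons; the other IDs are always reported
        if ($_.Id -ne 4624 -or $type -in '3','10') {
            "{0:u}  {1}  {2}" -f $_.TimeCreated, $_.Id, ($_.Message -split "`r?`n")[0]
        }
    }
}

"=== 9. Established TCP connections and the owning process ==="
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Select-Object LocalPort, RemoteAddress, RemotePort,
        @{n='Process'; e={ (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }} |
    Format-Table -AutoSize

Stop-Transcript | Out-Null
"Report written to $Report"
```

Read the transcript section by section rather than trusting any single check: a remote tool that was uninstalled can still leave a scheduled task, a service, or a Defender exclusion behind, and those sections are where it shows up. Section 8 will be empty for 4698 unless task-creation auditing is on, which is the default-off case on a home machine, so an empty result there is not evidence of absence. Save the transcript before removing anything, since it is the only record of what the machine looked like after the session.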