Was my laptop hacked?

In brief: my laptop played up a lot (text diminishing with scrolling and not going to sites) so I shut it down. When I went to open it again (after a few seconds), I noticed that the password window now had SWITCH USER symbol next to it! It never does this.

Why I'm wondering....yesterday I chatted to someone (that I didn't know) in PM on a chat site. He asked for a photo and provided a link that I could click on to download one of my photos in my file. The link he gave just went to a white screen with 2 tab buttons - one said "file" (I think) and the other one said "upload". Eventually I managed to send him a file that had my photo.

Today I had the experience of my laptop playing up (e.g. text diminishing with scrolling and not going to sites - just tabs above that I had to click on to get to the sites). After shutting down and reopening - and noticing the worrying SWITCH USER sign underneath my password window....I went to the chat site and saw that this person was now there. Perhaps a coincidence. I should add that he was nice and we left on amicable terms and that it was a spiritual chat site...so am not unduly suspicious.

Could someone hack into my pc by my giving them my photo in the way I had done? He only knows my user name and my pc password is an unusual 8 letter word. Also I have no online banking facilities, so not worried about money going missing. Should I be worried or is the SWITCH USER symbol something that occurs once a pc plays up?

What could a hacker do if they got in? (I have hidden my trash can symbol).
«1

Comments

  • chrisjrchrisjr Posts: 33,282
    Forum Member
    ✭✭✭
    Oh dear.

    Never ever click on a link in a message from some random person you find on the interweb. It could have installed who knows what nasty. Or it may have been totally innocent.

    It would be well worth scanning with your AV and Malwarebytes just to be on the safe side.

    Switch User is a standard part of Windows. it doesn't necessarily indicate anything untoward.
  • evil cevil c Posts: 7,833
    Forum Member
    I concur with chrisjr's opinion you should NEVER click on a link like you did. What were you thinking? You don't know this person from Adam. Do you make a habit of trusting complete strangers?

    Which Windows operating system (OS) do you have? You should disable Remote Assistance to stop anyone gaining access to your computer from another computer on the net. On Windows 7 the path would be Control Panel/System/Remote Settings. Then uncheck Allow Remote Assistance connections to this computer, then Apply then OK.

    Again depending on your OS you should have User Account Control settings on the highest level of protection - Always notify me.
  • jsmith99jsmith99 Posts: 20,382
    Forum Member
    ✭✭✭
    Many chat sites have provision for a person to send a file via the chat site itself. That way, they don't give the other party their IP (their unique location) .

    Sending it through somewhere else allows the other party to find your IP, plus often your approximate location.

    Unless you play safe by running in a limited user, so that files can be installed on your computer only if you input the admin password. It's a bit of a nuisance at times, but gives a good level of protection ... and peace of mind.

    As chrisjr says, run your AV checker and malwarebytes.
  • amyawakeamyawake Posts: 7,846
    Forum Member
    evil c wrote: »
    I concur with chrisjr's opinion you should NEVER click on a link like you did. What were you thinking? You don't know this person from Adam. Do you make a habit of trusting complete strangers?

    Which Windows operating system (OS) do you have? You should disable Remote Assistance to stop anyone gaining access to your computer from another computer on the net. On Windows 7 the path would be Control Panel/System/Remote Settings. Then uncheck Allow Remote Assistance connections to this computer, then Apply then OK.

    Again depending on your OS you should have User Account Control settings on the highest level of protection - Always notify me.
    Well I am not techno savvy and did not think that a person accessing a photo (in the way I described above) would lay bear or render my pc vulnerable. As mentioned, it was a spiritual chat site and no, I have never done this before.

    I found the remote assistance link. It went to a UAC window that asked if I wanted to allow the following programme to make changes...I was hesitant about proceeding. Is it OK/right to say yes? What then happens?
  • evil cevil c Posts: 7,833
    Forum Member
    Just wanted to say that if you only met the other person yesterday it's a bit early to be swapping pics. If you must do it though next time upload your pic to an image hosting site and send the person the link.

    If he has gained remote access to your PC and your security is lax then he could have looked at all your files, changed your settings etc.
  • amyawakeamyawake Posts: 7,846
    Forum Member
    jsmith99 wrote: »
    Many chat sites have provision for a person to send a file via the chat site itself. That way, they don't give the other party their IP (their unique location) .

    Sending it through somewhere else allows the other party to find your IP, plus often your approximate location.

    Unless you play safe by running in a limited user, so that files can be installed on your computer only if you input the admin password. It's a bit of a nuisance at times, but gives a good level of protection ... and peace of mind.

    As chrisjr says, run your AV checker and malwarebytes.
    Well, he originally gave me his email address to send the photo but I wasn't sure whether to proceed (since it would involve him knowing my email address). It was after this that he hit on the method described in my OP. This chat site has no facility for sending a file. We were in PM together when he gave me the link.

    What is a limited user? I will do a quick malwarebyte scan soon. I am not unduly worried though...what could a hacker do (given that I have no online banking facilities which is usually what they want)?
  • amyawakeamyawake Posts: 7,846
    Forum Member
    evil c wrote: »
    Just wanted to say that if you only met the other person yesterday it's a bit early to be swapping pics. If you must do it though next time upload your pic to an image hosting site and send the person the link.

    If he has gained remote access to your PC and your security is lax then he could have looked at all your files, changed your settings etc.
    No I didn't meet him yesterday...we went to PM yesterday. What is an image hosting site? (Sorry I have very basic IT knowledge).

    How would I know if he had changed my settings?
  • evil cevil c Posts: 7,833
    Forum Member
    amyawake wrote: »
    Well I am not techno savvy and did not think that a person accessing a photo (in the way I described above) would lay bear or render my pc vulnerable. As mentioned, it was a spiritual chat site and no, I have never done this before.

    I found the remote assistance link. It went to a UAC window that asked if I wanted to allow the following programme to make changes...I was hesitant about proceeding. Is it OK/right to say yes? What then happens?

    Yes you should proceed. UAC is set up to protect you the user, to notify you that a program is trying to install software or make changes to the computer, or that you want to change settings.

    You should go into UAC and see what it does and you should educate yourself as to how your operating system works either by looking for eg an idiot's guide to Windows 7 or looking for a book in your local libraries.

    I'd be just as wary of a spiritual chat site as I would be of any other site. Anyone could join the site and prey on the innocent just like kids get preyed on via chat sites.
  • amyawakeamyawake Posts: 7,846
    Forum Member
    OK so I've been told off!

    Just did a McAfee virus scan - nothing.

    Did a Malwarebyte quick scan. This was after it said malwarebyte was 8 days outdated...so I updated it. Had only 1 virus PUP optional - recycle bin...sounds harmless? Obviously I deleted it and went to quarantine to further delete it there.

    I am now on free version of malwarebyte so it doesn't tell me when it needs updating...how often should this be checked?

    Given what I say here/what I have found...need I still to do the Remote Assistance thing (#3) ?
  • evil cevil c Posts: 7,833
    Forum Member
    Ok sorry I accused you of moving too fast sending your pic. What's an image hosting site...well the clue's in the title. It's a site where you can post images that others can see. Why don't you Google 'image hosting site'? I know you only have basic IT knowledge amyawake and it's up to you to empower yourself and learn a little bit more. Give you more confidence it would (as Yoda might say).

    If he has changed your settings, which he probably hasn't, then there might be differences when you use them as to how they were before. Don't worry it'll probably be alright.

    I can kill 2 birds with 1 stone here. You should update Malwarebytes every 3 to 4 days. I do anyway. You can set a warning to remind you if you go to the Settings tab.

    Yes you can definitely uncheck Remote Assistance. Why wouldn't you want to do it?
  • mred2000mred2000 Posts: 10,050
    Forum Member
    ✭✭
    amyawake wrote: »
    Just did a McAfee virus scan - nothing.

    Doesn't mean much. I wouldn't trust McAfee to find Wally on a page that only includes Wally in the middle of a white void...

    OK, its 'probably' not that bad... probably...
  • evil cevil c Posts: 7,833
    Forum Member
    Just remembered you were worried about him seeing your email address. You can set up a temporary email account with no personal details, for example here at Hushmail: https://www.hushmail.com/
  • mred2000mred2000 Posts: 10,050
    Forum Member
    ✭✭
    evil c wrote: »
    Just remembered you were worried about him seeing your email address. You can set up a temporary email account with no personal details, for example here at Hushmail: https://www.hushmail.com/

    Or set up countless numbers of email accounts with made up details on gmail or outlook.com...
  • amyawakeamyawake Posts: 7,846
    Forum Member
    evil c wrote: »
    Just remembered you were worried about him seeing your email address. You can set up a temporary email account with no personal details, for example here at Hushmail: https://www.hushmail.com/
    Ah thanks for this (will note in case I need to use it in the future). No this was one point in which I was a bit savvy....i.e. before giving me the white screen link (with upload), he had given me his email address (for me to send my photo this way). I hesitated (didn't take him up on this) since it would entail me giving him my email address. You see? Have got a little sense. By the way, I'm pretty smart...just not techno savvy!
  • amyawakeamyawake Posts: 7,846
    Forum Member
    evil c wrote: »
    Ok sorry I accused you of moving too fast sending your pic. What's an image hosting site...well the clue's in the title. It's a site where you can post images that others can see. Why don't you Google 'image hosting site'? I know you only have basic IT knowledge amyawake and it's up to you to empower yourself and learn a little bit more. Give you more confidence it would (as Yoda might say).

    If he has changed your settings, which he probably hasn't, then there might be differences when you use them as to how they were before. Don't worry it'll probably be alright.

    I can kill 2 birds with 1 stone here. You should update Malwarebytes every 3 to 4 days. I do anyway. You can set a warning to remind you if you go to the Settings tab.

    Yes you can definitely uncheck Remote Assistance. Why wouldn't you want to do it?
    OK note what you say and will gen up a bit. Tried to do the update setting on malwarebytes; it's already ticked for download and install programme update, and ticked for notify me when ready to update. When I clicked on activate, it went to a window requiring my product ID and key???? Have no clue how to proceed with that. If update is clicked, then why didn't it update me?

    Have disabled the remote assistance successfully.

    Thanks for your help.
  • jsmith99jsmith99 Posts: 20,382
    Forum Member
    ✭✭✭
    amyawake wrote: »
    Well I am not techno savvy and did not think that a person accessing a photo (in the way I described above) would lay bear or render my pc vulnerable. As mentioned, it was a spiritual chat site and no, I have never done this before.

    I found the remote assistance link. It went to a UAC window that asked if I wanted to allow the following programme to make changes...I was hesitant about proceeding. Is it OK/right to say yes? What then happens?

    If it's not too personal a question, what's a 'spiritual chat site'? And I hate to be the bearer of bad tidings, but it's not unknown for people on chat sites to lie about things like their age, appearance, intentions, marital status .... very rare, but it does happen.

    A limited user is one who doesn't have the power to make changes to important settings, or to allow certain types of files to be installed on the PC.

    If you're asked to supply the admin password, then you're a limited user. At the stage you were at, you could have supplied the password, and it would then have opened a box where you could change the setting to "don't allow".

    So long as you know what's taking place, it's usually safe to put the admin password in. For example, to update Malwarebytes you need to open it as the administrator.

    It's when you're unexpectedly presented with the UAC that you need to think about why it's appeared, and whether you should allow it.
  • mred2000mred2000 Posts: 10,050
    Forum Member
    ✭✭
    jsmith99 wrote: »
    If it's not too personal a question, what's a 'spiritual chat site'?

    A chat-site linked to a spiritual website? Or just a chat-site for spiritual people... Could be religious, could be new-age... it's a wide-open field...
  • chrisjrchrisjr Posts: 33,282
    Forum Member
    ✭✭✭
    amyawake wrote: »
    OK note what you say and will gen up a bit. Tried to do the update setting on malwarebytes; it's already ticked for download and install programme update, and ticked for notify me when ready to update. When I clicked on activate, it went to a window requiring my product ID and key???? Have no clue how to proceed with that. If update is clicked, then why didn't it update me?
    That Activate button in Malwarebytes is to activate the full on paid for version. That is why it asks for an ID and code (which Malwarebytes provide in exchange for 23 quid or thereabouts).

    Malwarebytes Free doesn't do any real background stuff. It will notify you if the databases are out of date beyond a preset time period whenever you run it, but it's entirely up to you if you want to update. It doesn't do it automatically.

    Similarly if the databases are only a couple of days out of date it might not pop up a warning at all. It is up to you to go to the Update tab in the main screen and click the button there.

    If you want background automatic updates then you will have to open your purse and lighten it to the tune of 23 pound coins :)
  • zx50zx50 Posts: 91,227
    Forum Member
    ✭✭✭
    mred2000 wrote: »
    Doesn't mean much. I wouldn't trust McAfee to find Wally on a page that only includes Wally in the middle of a white void...

    OK, its 'probably' not that bad... probably...

    Couldn't help laughing quietly to myself at that. :D I got rid of it and would never have it back on my system.
  • amyawakeamyawake Posts: 7,846
    Forum Member
    jsmith99 wrote: »
    If it's not too personal a question, what's a 'spiritual chat site'? And I hate to be the bearer of bad tidings, but it's not unknown for people on chat sites to lie about things like their age, appearance, intentions, marital status .... very rare, but it does happen.

    A limited user is one who doesn't have the power to make changes to important settings, or to allow certain types of files to be installed on the PC.

    If you're asked to supply the admin password, then you're a limited user. At the stage you were at, you could have supplied the password, and it would then have opened a box where you could change the setting to "don't allow".

    So long as you know what's taking place, it's usually safe to put the admin password in. For example, to update Malwarebytes you need to open it as the administrator.

    It's when you're unexpectedly presented with the UAC that you need to think about why it's appeared, and whether you should allow it.

    Well, since I have now disabled the remote assistance, I guess this should have solved this issue?

    A spiritual chat site is what it says on the tin,...i.e. a chat site for those who are spiritually minded. Yes, I realise that it can still not guarantee authenticity but I have good/developed intuition and I had had previous convos with this person before we entered into a long PM. It seems that nothing untoward has resulted e.g. only 1 virus in malwarebytes (recyclebin file) and my settings don't appear to be tampered with.

    I admit I was niaive and...I guess, lucky not to have been hacked.
  • amyawakeamyawake Posts: 7,846
    Forum Member
    chrisjr wrote: »
    That Activate button in Malwarebytes is to activate the full on paid for version. That is why it asks for an ID and code (which Malwarebytes provide in exchange for 23 quid or thereabouts).

    Malwarebytes Free doesn't do any real background stuff. It will notify you if the databases are out of date beyond a preset time period whenever you run it, but it's entirely up to you if you want to update. It doesn't do it automatically.

    Similarly if the databases are only a couple of days out of date it might not pop up a warning at all. It is up to you to go to the Update tab in the main screen and click the button there.

    If you want background automatic updates then you will have to open your purse and lighten it to the tune of 23 pound coins :)

    Thanks for the explanation chris...you are golden! :) :cool:
  • amyawakeamyawake Posts: 7,846
    Forum Member
    zx50 wrote: »
    Couldn't help laughing quietly to myself at that. :D I got rid of it and would never have it back on my system.
    Is it really so useless? I notice that the green tick goes grey i.e. (indicating a dubious site) quite easily which is somewhat confusing since this can just indicate that it doesn't recognise a site.
  • zx50zx50 Posts: 91,227
    Forum Member
    ✭✭✭
    amyawake wrote: »
    Is it really so useless? I notice that the green tick goes grey i.e. (indicating a dubious site) quite easily which is somewhat confusing since this can just indicate that it doesn't recognise a site.

    I don't want to advise others on what antivirus to use. I just didn't like it because it seemed to rate nearly every torrent site as a malicious site. It's as if it was biased against torrent sites. McAfee didn't have information about whether some sites were safe or not, which caused me to get paranoid about whether or not I should visit it anyway. This is just me though.
  • mred2000mred2000 Posts: 10,050
    Forum Member
    ✭✭
    zx50 wrote: »
    I don't want to advise others on what antivirus to use. I just didn't like it because it seemed to rate nearly every torrent site as a malicious site. It's as if it was biased against torrent sites. McAfee didn't have information about whether some sites were safe or not, which caused me to get paranoid about whether or not I should visit it anyway. This is just me though.

    It goes beyond torrents and websites with McAfee. For a long time it was peddled out as a freebie from various computer manufacturers when it was bloated and inept at it's main task. I don't honestly know how successful it is right now but it's failures in the past are enough to make me stay clear of it now.
  • spiney2spiney2 Posts: 27,058
    Forum Member
    ✭✭✭
    yeah all that and .......

    1 not necessarily a hack. switch user is a standard wndows prompt that might appear normally.

    2 8 characters is nothing. make it longer. and windows is very hackable. if this scares you then think about trucrypt whole disk encryption .......

    3 if system protection is currently working then restore to last automatic restore point. wont remove viruses but might get rid of system changes including new installed installed programs .......

    4 do complete scans for viruses and spyware and especially rootkits ..... many free utility programs available .....

    5 maybe install anvir task manager. shows everything running.

    6 maybe disk sentry free edition. this stops any software not on a "whitelist" from accessing your hard disk. see wikipedia article about it ......
Sign In or Register to comment.