
When I tried to install a commercial Internet Security package, it just stalled at 95% and became unable to install. I strongly believe they used Bluetooth to get entrance, then created a backdoor, and as soon as I airgapped my system completely the weird behaviour stopped (keypresses, mousewheel). I also encountered weird behaviour like the scrollwheel on the mouse not working properly, and when I started to keep a certain key pressed (e.g. keeping L pressed for a while) it seemed that the "intruder" wasn't liking this, because I saw different characters popping up between the L's and my mouse arrow moved a few times while I didn't touch it at all. Before that there were UMFD logins AND hex-string logins happening, even before I could log in myself.


When I log in now, the tool "LastActivityView" (free, from NirSoft) only shows user logins for the account I actually logged in with. I've also seen this lately on my machines, and once I start removing/disabling some stuff, and create an air-gapped system, the logins stop happening. I am aware that the font driver is a vector for malicious attack; I've seen this in some video clips that show you how to "circumvent" the logon screen by changing a file that's used on the Windows logon screen to go "fix" the login screen and allowing the attacker to have direct admin rights.
