
I think I have a keylogger or something in my Windows 11 laptop.

Anonymous
2024-03-23T12:09:35+00:00

Hi,

I woke up today in the morning and I saw an e-mail from Google, saying that a suspicious login was detected at like 3 am. I was never awake at that time, and no one uses my laptop except me. I also saw that when I opened my laptop that my laptop was acting up a bit, so I opened Task Manager, and I saw that Edge was running some suspicious things in the background. I also remember yesterday that I had downloaded something and PuTTY configurator popped up and random Microsoft Edge windows started opening up (like 3 of them). So, I got suspicious that my laptop was hacked, and I got suspicious about Edge because of the Task Manager thing. I also saw that sometimes, Task Manager just randomly quit itself when I was doing something on it. I have tried EVERYTHING: I tried uninstalling Edge using PowerShell, did a Windows Defender offline scan, a Windows Defender full scan (which lasted hours), installed Bitdefender and did a full scan, and checked many YouTube videos. They found some threats but after removing them, there was no effect. I also noticed that the main browser I use (Brave) was acting up a little, like the pop-ups that ask for permissions for notifications flickering, and when I typed in the URL bar, the text flickered and moved back and forth a little. I still suspect the keylogger is there. Please help.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


5 answers

  1. Anonymous
    2024-03-28T16:18:43+00:00

    Unfortunately, our device environment is not allowed to use third-party communication tools.

    Some viruses can be very persistent and you may need to perform a full scan using several different types of protection software.

    One such type is Microsoft Safety Scanner (for example only; this does not imply exclusive use of this product).

    Microsoft Safety Scanner Download | Microsoft Learn

    Where necessary, you may need to perform a Windows reset or reinstallation, as described in the first response.

    Alternatively, you may need to completely disconnect physically from your network device and then install a new disk in your device and install new Windows on the new disk.

    • Custom or clean install: At this point, we have exhausted all troubleshooting and I recommend that we try to perform a clean install to get your computer back into a working condition. Please ensure that you back up any important data, including Documents, Pictures, Videos, and more. After that, you can find instructions on how to install Windows 10/11 in the following article by MVP Andre: How to: Perform a Custom Installation of Windows 11 and Windows 10 - Microsoft Community

    *Disclaimer: Please back up all your important data before performing it.*

    For virus issues stored on the old disk, you can contact a professional computer service store to assist you further.

  2. Anonymous
    2024-03-25T08:14:45+00:00

    Hello,

    I checked my Instagram and found out that someone had logged in on Linux in Cape Verde. I logged them out and changed my password. I also saw that a day ago, someone uploaded a crypto scam YouTube video on my channel. Thankfully, YouTube notified me about the suspicious login and I logged them out and deleted that video. I also went in cmd and ran 'netstat' and found some foreign addresses such as "a23-212-254-107" "227" "pnbomb-ad-in-f3" "edge-video-shv-01-bom1". The "a23-212-254-107" address is established, all the others are "time_wait" and "last_ack". Please help me to check if it's still there and if it is, help me to remove it. Also, is there any possibility that my PC has a RAT in it? Please help.

    Thank you.

    Update: I used Tron to remove some viruses and it did remove some, but I still think something might be on my PC. I also got an email from Reddit saying that there's an account vulnerability and that it's been locked. I reset my password and logged all devices out. Please, if you have Discord, or any other communication app, please, help me, because this virus/keylogger is just not getting out.

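    Plain `netstat` output, as described in the post above, shows remote hosts but not which program opened each connection. The following PowerShell is an added example, not part of the original thread: it lists every established TCP connection with its owning process, executable path and Authenticode signature status. It assumes an elevated PowerShell window on Windows 10/11 and only reads information.

    ```powershell
    # Added example: map each established TCP connection to the program that owns it.
    # Read-only; run from an elevated PowerShell window so process paths are visible.
    $report = foreach ($conn in Get-NetTCPConnection -State Established) {
        # Skip loopback traffic between local processes
        if ($conn.RemoteAddress -in '127.0.0.1', '::1') { continue }

        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }

        # Signature of the executable on disk; some system processes expose no path
        $sig = if ($path) {
            Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
        } else { $null }

        [pscustomobject]@{
            Remote    = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
            ProcId    = $conn.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '(exited)' }
            Path      = $path
            Signature = if ($sig) { $sig.Status } else { 'NoPath' }
            Signer    = if ($sig -and $sig.SignerCertificate) {
                            $sig.SignerCertificate.Subject
                        } else { $null }
        }
    }

    # Owners without a valid signature sort to the top of the table
    $report | Sort-Object { $_.Signature -eq 'Valid' }, Process |
        Format-Table -AutoSize -Wrap
    ```

    A connection owned by an executable that is unsigned or runs from a user-writable folder such as AppData is the one to examine further in Process Explorer. A valid signature alone does not clear a process, since a signed browser can still carry a malicious extension.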
  3. Anonymous
    2024-03-24T08:23:13+00:00

    Hi TacticoolOperator,

    Thank you for getting back to us.

    "WDATPOnboarding" is an example and does not refer to an exact infection.

    In our device environment, "WDATPOnboarding" is associated with Microsoft Defender for Endpoint.

    Based on the files containing Chinese characters in the AppData directory that you mentioned, it is possible that there is indeed some sort of strange application on your device.

    In addition to the ideas mentioned above, if you need to further analyze the potentially relevant factors, you may need to use advanced tools to analyze the suspicious processes or services in detail when similar phenomena occur again.

    Process Explorer - Sysinternals | Microsoft Learn

    For detailed tips on how to use these tools, you can consult the more experienced community.

    Sysinternals - Microsoft Q&A

    Thanks for your patience and cooperation.

    Best Regards,

    Kyo - MSFT | Microsoft Community Technical Support

  4. Anonymous
    2024-03-24T08:04:58+00:00

    Hello,

    I think the keylogger is gone now. Yesterday I booted up my PC in safe mode and opened the "appdata" folder, where I saw a sketchy-looking file with Chinese written on it. I deleted it, as well as all the temporary files in the appdata folder. I also checked Task Manager and saw that there was no network data sent. I booted up my PC in normal mode and everything seems fine now. I also checked in the event manager (because you told me) just to be safe and I searched for "WDATPOnboarding" (as you highlighted that in the image) and I didn't find anything. I think the infection is gone now, but if you have any suggestions to check if my PC still does have the keylogger or any other malicious software, please let me know.

    Thank you.

  5. Anonymous
    2024-03-24T07:38:20+00:00

    Hi TacticoolOperator,

    Welcome to Microsoft Community.

    We understand your dilemma.

    It's important to take potential security threats seriously.

    If we need to further narrow down the scope of your analysis, we may need to check the situation in different modes, such as new local accounts, clean boot, and safe mode.

    Additionally, we may need to check for suspicious drivers or event logs.

    For the account itself, you may need to enhance your account security by changing your password or supplementing it with other secure authentication methods, if necessary.

    If these phenomena are collateral issues generated by hacking, completely disconnecting the device from the Internet physically will be the most important step.

    If the device is indeed affected by a malicious attack or potential malware, you may eventually need to consider resetting or reinstalling Windows to minimize the damage caused by the malicious attack.

    *Disclaimer: Please back up all your important data before performing it.*

    If I misunderstand your situation, feel free to correct me and share the information.

    Best Regards,

    Kyo - MSFT | Microsoft Community Technical Support
