You could check installed apps or programs to see if any remote access software has been installed.
If you open the run command and enter netplwiz [press return] does it show any users other than yourself.
Someone has a remote access to my PC, how to block them?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
I've experienced today a control takeover on my pc as i was doing my business, the hacker started typing chinese, opened a lot of windows, used the mouse. I've shut down the pc immediately and deactivated the WIFI. I've ran anti-malware scans but nothing to report here. I've digged into the event observer and with some internet articles, managed to find myself in the TerminalService - LocalSessionManager and discovered that a "defaultuser100000", a few minutes before the attack, launched the distant desktop service as i've undertood what i've read. See more here :
- <Event xmlns="**http://schemas.microsoft.com/win/2004/08/events/event**">
- <System> <Provider Name="Microsoft-Windows-TerminalServices-LocalSessionManager" Guid="{5d896912-022d-40aa-a3a8-4fa5515c76d7}" /><EventID>21</EventID><Version>0</Version><Level>4</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x1000000000000000</Keywords><TimeCreated SystemTime="2024-03-15T16:46:21.8921078Z" /><EventRecordID>6054</EventRecordID><Correlation ActivityID="{61a55000-55e5-1017-0000-000000000000}" /><Execution ProcessID="1152" ThreadID="1636" /><Channel>Microsoft-Windows-TerminalServices-LocalSessionManager/Operational</Channel><Computer>xxx</Computer><Security UserID="S-1-5-18" /></System>
- <UserData>
- <EventXML xmlns="Event_NS"> <User>DESKTOP-8BKLKN9\defaultuser100000</User><SessionID>1</SessionID><Address>LOCAL</Address></EventXML> </UserData>
</Event>
As it's not my username and my actual username appears clearly on other logs, i'm genuinely asking myself if i've spotted the guy. But something weird aswell is that it seems like at the PC start, a distant desktop session is opening ( i traduce from french but i read "Remote Desktop Services: successful login :" and "Remote Desktop Services: kernel startup notification received :" from my own username.
To sum up, i'm not suspecting a malware, it's there for sure but i would urgently need to know how to block any future remote access from the hacker. Thanks a lot!
Windows for home | Windows 10 | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
7 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 96%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Neil D 33,005 Reputation points Volunteer Moderator2024-03-16T08:54:22+00:00 When you carried out a antimalware scan did you use Cyber Security Software and Anti-Malware | Malwarebytes if not download and carry out a scan.
Open Settings > System and select Advanced system settings (right hand pane under Related settings) Select the Advanced tab then User profiles and see what is listed. The first two are normal.
Also select the Remote tab and uncheck Allow remote Assistance connection.
To be honest the only way to be absolutely sure will be to clean install windows deleting all data on the internal drive.
-
Anonymous
2024-03-15T22:47:31+00:00 Thanks for your response. I just see myself conneted right now. But how to tell if this or that software isn't mimicking an official one ? And how to tell if x program has remote access permissions ? I have to say it's kinda scary to know that someone could get back to my session at anytime... :/
-
Neil D 33,005 Reputation points Volunteer Moderator
2024-03-15T22:54:45+00:00 Unless you have installed remote access software yourself there shouldn't be any installed.
Go to Apps and Features (right click start and it's at the top) then change the order to Date installed. Do you see anything unusual. If you wish you can take a screenshot and post it in your reply so it can be checked.
Or list what you see.
-
Anonymous
2024-08-05T08:05:26+00:00 hi
sorry for my intervention as i dont have experience in these things and i hope that your problem is solved by now!
your problem and this page popped-up on google while i was searching for protection over remotely access..
my question is , if i will need remotely assistants from someone over internet (OBD2 coding intervention that requires over internet remote access cession using windows10....
how can i protect my personale files from being accessed or hacked , etc?
is there is a way?
sorry again for the irrelative subject.
cheers
Ramban