Resolved Check Computer for Invaders

Is there any way to determine if someone is entering your computer via the internet? A friend got caught up in a scam via a phone number that popped up on the monitor. She can't remember anything they asked her to do that gave them access to her computer but she said she saw them move money from one account to another at her local credit union.
She realized something was wrong when they wanted her to stay on the phone until she was walking in the bank to authorize a wire transfer. She hung up on them and has been able to get things straight at the credit union and has not been out any money.
I ran Malwarebytes that found a number of things - PUPs mostly. I quarantined all of them. Malwarebytes gave me some places to look in the registry to see if anything was still lurking and I didn't find anything. I don't think they will be back to try again but I would like to check but don't really know how. Would have gone to Broni in the past.

 

Sometimes going to a bad site will cause this. FB is one of the sites that there is lot of scams on there and you don't know it till you click on it. Most of the time it tells you to call a number that is supposedly MS and they will fix your PC.

 

Steve,
That tab shows "Owner (62)" which I think means that the Owner is the only one using the unit and there are 62 processes open under that account.
Followup Question - If someone else accesses the computer, does their footprint remain in the Users tab or would it only show up during the time they are accessing the computer?

 

If the user keeps Windows and their security software current, it is very nearly impossible for anyone from the internet to gain access to the user's computer.

About the only way an unauthorized person could do that is if the user opened the door and let them in. That is, by the user clicking on an unsolicited link or popup that then lets the bad guy in.

The sad part is, bad guys (with the help of AI) have become very good at creating very convincing looking emails and popups that trick users into clicking those links. In the past, such scams were easy to spot due to misspelled words, poor grammar and obvious "lost in translation" errors. But AI has changed all that.

So it boils down to whether or not the email, download, popup or link was "solicited" by the user or not. If you or your friend initiated the contact with the credit union (or bank, insurance company, etc.), then the email, link etc. are solicited and most likely legitimate. HOWEVER, if, out of the blue, you or your friend receive an email from the credit union that claims something is wrong with the account, or some debt is due, or personal information needs to be updated or verified so "Click here to enter", DON'T DO IT! Immediately delete the email, close the window, back out of whatever you were doing. If still concerned, call the CU or bank via the phone numbers you already have for their contacts, or through their official websites.

The big RED FLAG for me in your question is you said your friend got caught by a phone number on her monitor. That's taking the bait. And by calling the number, that's swallowing the hook!

Thank goodness (or some guardian angel) she woke up in time before they conned her out of every penny she has.

Never, as in NEVER EVER call a phone number that pops up on your monitor. Do NOT be "click-happy" on any unsolicited link, popup, download, or attachment. Delete it and move on.

Smart move running Malwarebytes. Regardless your primary security software of choice, it is always wise to have and occasionally run a secondary scanner just to make sure the primary security solution or the user (ALWAYS the weakest link in security) didn't let something slip buy. I also use and recommend Malwarebytes for that.

That said, IMO, Malwarebytes can be a little too aggressive at times. My primary scanner on all my systems is Microsoft Defender and Malwarebytes has never found anything "malicious" Defender (or me) let slip by.

HOWEVER, it has on several occasions tagged "wanted" programs as PUPs (potentially unwanted programs) . Those false positives can be frustrating. In the future, instead of automatically quarantining them, check them out with your friend Bing Google. They may very well be safe.

Note Malwarebytes tagging a program as a PUP simply means the developers at Malwarebytes are not familiar with that program, or the developers feel the software should perform some function differently. But "unwanted" does NOT mean "unsafe". Every PUP Malwarebytes tagged on my systems were indeed safe and more importantly, wanted! So instead of quarantining them, I told Malwarebytes to allow them.

 

Thanks for the inputs. I feel pretty confident that all is well now as far as her computer is concerned and that she will probably not hear from the scammers again. I have marked this Resolved.