Hi everyone! I think my work computer has been hacked. Since the end of October, it seems like someone has been using my PC remotely without my permission. I noticed this one day when my mouse started moving on its own and opened various files. I immediately shut everything down and unplugged the internet. After running a few scans, I found and removed two Trojans, and things calmed down for a bit. However, the intruder came back and tried to download something into our Google Chrome, prompting me to disconnect the internet again. Despite scanning with Malwarebytes, nothing else came up, and I have all remote access options disabled. My manager isn't taking this seriously, which is frustrating since we handle patient records. I feel like I'm left to resolve this on my own, so I'm reaching out for any advice on how to figure out how this is happening or how I can kick out this unwanted guest! For context, my PC is Windows 11 Pro, it's hardwired to the internet, and out of 12 computers in the office, mine is the only one being targeted. Any help would be appreciated!
4 Answers
If it’s just happening to your computer, there’s likely a significant issue that needs resolving immediately. Make sure to change any passwords on a different device and lock down your important accounts. Once you wipe the PC, setting everything up from scratch may be a hassle, but it's crucial if there's a serious breach.
You really need to get in touch with your IT department about this—unless your company is avoiding the expense. If that's the case, it's risky to keep using that computer. Maybe suggest to your manager that the issue could lead to serious HIPAA violations since you're accessing patient records.
Unfortunately, we don’t have an IT department. My manager is super hesitant to spend money on anything like that. He keeps saying he might just format the hard drive, but I don't feel comfortable handling the medical software setup again.
Wiping the PC and reinstalling Windows might be your safest option at this point. If someone has remote access, there could be backdoors that allow them to regain access even after removing the current threats. Disconnect it from the internet until it’s sorted out.
That sounds like a plan! So, when you say wipe, do you mean formatting the entire drive?
I can't stress enough the importance of disconnecting that PC from any network until you fully mitigate the threat. If you have important files, back them up on a clean, safe drive – just be careful not to transfer any executables that could be infected.
Thanks! I’m going to back up my files on a separate drive and keep it offline until I can get this fixed.

I appreciate the advice! I just wish the manager would realize how serious this is before we face any legal consequences.
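
The backup advice above (copy your files to a clean drive, but leave executables behind) can be scripted. This is an added example, not something posted by anyone in the thread; the source folder, the `E:\Backup` destination and the extension list are assumptions to adjust for your own machine.

```powershell
# Added example: back up data files only, leaving anything executable behind.
param(
    [string]$Source      = "$env:USERPROFILE\Documents",  # assumed source folder
    [string]$Destination = 'E:\Backup'                     # assumed clean external drive
)

# Extensions Windows can run directly, or that commonly carry scripts or macros.
$blocked = '.exe','.dll','.scr','.com','.pif','.cpl','.msi','.msp','.sys',
           '.bat','.cmd','.ps1','.vbs','.vbe','.js','.jse','.wsf','.wsh',
           '.hta','.lnk','.jar','.reg','.docm','.xlsm','.pptm'

function Test-PEHeader([string]$Path) {
    # Windows executables begin with the bytes 'MZ' (0x4D 0x5A), whatever the file is named.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf = New-Object byte[] 2
        $n = $fs.Read($buf, 0, 2)
        return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    } finally { $fs.Dispose() }
}

$root = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')
New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$skipped = @()

Get-ChildItem -LiteralPath $root -Recurse -File -Force | ForEach-Object {
    $reason = $null
    try {
        if ($blocked -contains $_.Extension)   { $reason = 'blocked extension' }
        elseif (Test-PEHeader $_.FullName)     { $reason = 'executable content under another extension' }
    } catch { $reason = 'could not be read' }

    if ($reason) {
        # Record the file instead of copying it.
        $skipped += [pscustomobject]@{ File = $_.FullName; Reason = $reason }
        return
    }
    # Recreate the same folder layout under the destination.
    $target = Join-Path $Destination $_.FullName.Substring($root.Length + 1)
    New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
    Copy-Item -LiteralPath $_.FullName -Destination $target
}

# Review this list by hand before deciding anything on it is needed.
$skipped | Export-Csv -Path (Join-Path $Destination 'skipped-files.csv') -NoTypeInformation
"Backup finished; $($skipped.Count) file(s) skipped, listed in skipped-files.csv"
```

This filters by file type and header only; it is not a malware scan, so scan the backup drive from a known-clean computer before opening anything on it.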