From: Paul@Houston.Texas   
      
   sticks wrote:   
   > On 1/16/2026 1:36 PM, VanguardLH wrote:   
   >> sticks  wrote:   
   >>   
   >>> I have been struggling since having full knee replacement 16 days ago.   
   >>> Inadequate pain mediation for the first week, then the haze and fog of   
   >>> continual medication usage.  For the most part I realize I shouldn't be   
   >>> doing anything that would require a proper mindset.  That said...   
   >>>   
   >>> Today I received an email that looked like it was from Social Security   
   >>> Administration.  It had a link to download your statement which I   
   >>> unbelievably clicked.  I went to downloads and there was an .exe file in   
   >>> there.  I thought that was odd so I did a Defender scan on it and it   
   >>> said it was OK.  Much to my amazement now, I clicked on it and it   
   >>> installed something in the background and never did come back to show me   
   >>> my statement.  By now I was starting to realize I fucked up and started   
   >>> looking for what to do.   
   >>>   
   >>> I went in the settings/apps and there was a new app for remote desktop   
   >>> and also remote printing which I uninstalled.  I also uninstalled   
   >>> another remote desktop thing that looked like it was the MS proper app,   
   >>> but since I don't need that on this box I also uninstalled that.   
   >>>   
   >>> I did the full Defender scan and it said nothing found.  I then did the   
   >>> offline Defender scan that is supposed to find and rid the system of   
   >>> more difficult things.  It also found nothing.   
   >>>   
   >>> Damn box is only a month old and I do have an image from when I got it   
   >>> all set up that I could use.  But, I'm wondering if these defender scans   
   >>> have come back negative, and I did remove the program I stupidly let   
   >>> them install, is it possible I got this all removed before any real   
   >>> damage could be done?  What would I look for if they got in, and is   
   >>> there anything else I could do to make sure I'm clean other than using   
   >>> my backup image?   
   >>>   
   >>> My head hurts....   
   >>   
   >> Best: Image backups.  You said you have one, but maybe a month old.   
   >>   
   >> Second best: System Restore, if you have restore points.   
   >>   
   >> Third best: Reset Windows.  You won't lose much after just 1 month.   
   >>   
   >> I'd be leery of anything that installed for remote access.  Could've   
   >> been they already stole your data files (docs), so your exposure depends   
   >> on what sensitive info is in your docs.  They most likely focus on the   
   >> [My] Documents folder as looking anywhere else might expose their   
   >> scanning and grabbing.   
   >   
   > For now I did a system restore and monitoring.  Thank you!   
      
   Similar to Vanguard...   
   When I make mistakes like that I do a system restore then fully scan   
   both powered up drives from a Linux USB boot stick with Kaspersky Rescue   
   disk.  There are probably other scanners that use USB boot sticks.   
   Depending on drives, it may take 4 to 12 hours for the scan.   
   For mild concerns I use Eset online scanner... there are others.   
   Remember, not all scanners are the same.   
   If I am still concerned then I will restore from a weekly image or clone   
   that is unplugged until needed.   
      
   Knees:  A co-worker has had both knees replaced in the last few years.   
   He can play tennis again... and usually beats me.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)