
A Question about Malicious Remote Access



Thank you in advance for any information you can provide.

My computer was behaving weirdly over the past few weeks, with my Chrome producing random popups even when I was not actively using it. I got a warning from certain online accounts of mine being accessed from other parts of the country, even was warned by Amazon of attempts to make fraudulent purchases on my account. I got a little worried but changed my passwords accordingly.

I came home one evening and noticed my internet was up with tabs I did not recognize, including an Amazon order that was archived so that I wouldn't see it, and an attempt to log in to Kraken, which I do not use. Fortunately, the fool left those windows open. I had been trying to figure out for days how someone was gaining access to my Google and Amazon.

Standard malware scans turned up nothing, but I finally noticed in my Chrome extensions an extra ad block plugin called "adbloxx" and an unrecognized and obviously fake version of Google Docs. Naturally, I nixed them.

Here's my question:

Do the tabs appearing in my browser necessarily mean that my computer was subjected to remote access? There was a subtle settings change (my screen going off after a few minutes without activity) but probably a coincidental result of an update. Chrome had been accessed while my laptop was closed (and my desktop pc was asleep) and I am sure that I had been signed out of Windows when this happened, so maybe it was not my computer that was accessed but only Chrome (and the strange window with unfamiliar tabs was opened in a separate instance than one I had opened from earlier). I had also received messages from multiple outlets notifying me about a login from a different device, so maybe my actual equipment was not accessed, but I want to be sure, or at least surer than I am.


@Folcro Welcome.

Please download and run AdwCleaner(*) as ADMIN.

1) ⚠️ Don’t fix eventual detections
2) Paste the TXT Log in your next post

(*) No installation required.


Thank you for the response. Here is the log; I should say that I have already deleted the Chrome extensions I mentioned.


# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    10-25-2024
# Duration: 00:00:03
# OS:       Windows 11 (Build 22631.4317)
# Scanned:  32086
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 


I think I have done all I can at this point, including those things. What would make me feel better is if I could attain some insight as to what has happened. I know I do not have much to offer in the way of details, but does seeing strange tabs on Chrome necessarily mean that my computer had been accessed remotely, or are there other ways for Chrome to make that happen? It would give me some relief if there is at least a possibility that the breach, which I suppose and hope is now sealed, did not penetrate deeper into my system than Chrome itself.
