• dumb thing I did

    From sticks@3:633/10 to All on Friday, January 16, 2026 13:23:32
    I have been struggling since having full knee replacement 16 days ago. Inadequate pain mediation for the first week, then the haze and fog of continual medication usage. For the most part I realize I shouldn't be
    doing anything that would require a proper mindset. That said...

    Today I received an email that looked like it was from Social Security Administration. It had a link to download your statement which I
    unbelievably clicked. I went to downloads and there was an .exe file in there. I thought that was odd so I did a Defender scan on it and it
    said it was OK. Much to my amazement now, I clicked on it and it
    installed something in the background and never did come back to show me
    my statement. By now I was starting to realize I fucked up and started looking for what to do.

    I went in the settings/apps and there was a new app for remote desktop
    and also remote printing which I uninstalled. I also uninstalled
    another remote desktop thing that looked like it was the MS proper app,
    but since I don't need that on this box I also uninstalled that.

    I did the full Defender scan and it said nothing found. I then did the offline Defender scan that is supposed to find and rid the system of
    more difficult things. It also found nothing.

    Damn box is only a month old and I do have an image from when I got it
    all set up that I could use. But, I'm wondering if these defender scans
    have come back negative, and I did remove the program I stupidly let
    them install, is it possible I got this all removed before any real
    damage could be done? What would I look for if they got in, and is
    there anything else I could do to make sure I'm clean other than using
    my backup image?

    My head hurts....



    --
    Science Doesn't Support Darwin. Scientists Do.


    --- PyGate Linux v1.5.2
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From VanguardLH@3:633/10 to All on Friday, January 16, 2026 13:36:34
    sticks <wolverine01@charter.net> wrote:

    > I have been struggling since having full knee replacement 16 days ago.
    > Inadequate pain mediation for the first week, then the haze and fog of
    > continual medication usage. For the most part I realize I shouldn't be
    > doing anything that would require a proper mindset. That said...

    > Today I received an email that looked like it was from Social Security
    > Administration. It had a link to download your statement which I
    > unbelievably clicked. I went to downloads and there was an .exe file in
    > there. I thought that was odd so I did a Defender scan on it and it
    > said it was OK. Much to my amazement now, I clicked on it and it
    > installed something in the background and never did come back to show me
    > my statement. By now I was starting to realize I fucked up and started
    > looking for what to do.

    > I went in the settings/apps and there was a new app for remote desktop
    > and also remote printing which I uninstalled. I also uninstalled
    > another remote desktop thing that looked like it was the MS proper app,
    > but since I don't need that on this box I also uninstalled that.

    > I did the full Defender scan and it said nothing found. I then did the
    > offline Defender scan that is supposed to find and rid the system of
    > more difficult things. It also found nothing.

    > Damn box is only a month old and I do have an image from when I got it
    > all set up that I could use. But, I'm wondering if these defender scans
    > have come back negative, and I did remove the program I stupidly let
    > them install, is it possible I got this all removed before any real
    > damage could be done? What would I look for if they got in, and is
    > there anything else I could do to make sure I'm clean other than using
    > my backup image?

    > My head hurts....

    Best: Image backups. You said you have one, but maybe a month old.

    Second best: System Restore, if you have restore points.

    Third best: Reset Windows. You won't lose much after just 1 month.

    I'd be leery of anything that installed for remote access. Could've
    been they already stole your data files (docs), so your exposure depends
    on what sensitive info is in your docs. They most likely focus on the
    [My] Documents folder as looking anywhere else might expose their
    scanning and grabbing.

  • From Carlos E.R.@3:633/10 to All on Friday, January 16, 2026 22:10:27
    On 2026-01-16 20:23, sticks wrote:
    > I have been struggling since having full knee replacement 16 days ago.
    > Inadequate pain mediation for the first week, then the haze and fog of
    > continual medication usage. For the most part I realize I shouldn't be
    > doing anything that would require a proper mindset. That said...

    > Today I received an email that looked like it was from Social Security
    > Administration. It had a link to download your statement which I
    > unbelievably clicked. I went to downloads and there was an .exe file in
    > there. I thought that was odd so I did a Defender scan on it and it
    > said it was OK. Much to my amazement now, I clicked on it and it
    > installed something in the background and never did come back to show me
    > my statement. By now I was starting to realize I fucked up and started
    > looking for what to do.

    Ok, for the next time: are you using an administrator login? Don't. This
    is why.

    In my country, the administration sends paper letters, not emails.

    And then, one should check the domains of all emails and links. Windows software probably hides them.


    --
    Cheers, Carlos.
    ES, EU;

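Carlos's advice about checking the domain behind every link, worked through as an added example that is not part of the original thread. It assumes the genuine sender would link only to `ssa.gov`; the sample message, the `.example` host, the extension list and the names `LinkCollector`, `under` and `audit_links` are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "ssa.gov"   # assumption: the domain the claimed sender really uses
RISKY_EXT = (".exe", ".msi", ".scr", ".js", ".zip")  # assumed watch list

# Constructed sample body; the .example host is invented.
SAMPLE = """<p>Your Social Security statement is ready.</p>
<a href="https://ssa.gov.statement-portal.example/get/Statement.exe">www.ssa.gov/myaccount</a>
<a href="https://www.ssa.gov/myaccount/">Sign in to my Social Security</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit_links(html, expected=EXPECTED):
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar are out of scope here
        host, reasons = parts.hostname or "", []
        if not under(host, expected):
            reasons.append("host is outside " + expected)
        shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
        if shown and not under(host, shown.group(1).removeprefix("www.")):
            reasons.append("visible text names a different domain")
        if parts.path.lower().endswith(RISKY_EXT):
            reasons.append("points at a download, not a web page")
        if reasons:
            findings.append((host, reasons))
    return findings
```

`audit_links(SAMPLE)` reports only the first link: its host merely starts with `ssa.gov`, the text shown to the reader names a different domain, and the target is an `.exe`.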
  • From sticks@3:633/10 to All on Friday, January 16, 2026 16:58:41
    On 1/16/2026 1:36 PM, VanguardLH wrote:
    > sticks <wolverine01@charter.net> wrote:

    >> I have been struggling since having full knee replacement 16 days ago.
    >> Inadequate pain mediation for the first week, then the haze and fog of
    >> continual medication usage. For the most part I realize I shouldn't be
    >> doing anything that would require a proper mindset. That said...

    >> Today I received an email that looked like it was from Social Security
    >> Administration. It had a link to download your statement which I
    >> unbelievably clicked. I went to downloads and there was an .exe file in
    >> there. I thought that was odd so I did a Defender scan on it and it
    >> said it was OK. Much to my amazement now, I clicked on it and it
    >> installed something in the background and never did come back to show me
    >> my statement. By now I was starting to realize I fucked up and started
    >> looking for what to do.

    >> I went in the settings/apps and there was a new app for remote desktop
    >> and also remote printing which I uninstalled. I also uninstalled
    >> another remote desktop thing that looked like it was the MS proper app,
    >> but since I don't need that on this box I also uninstalled that.

    >> I did the full Defender scan and it said nothing found. I then did the
    >> offline Defender scan that is supposed to find and rid the system of
    >> more difficult things. It also found nothing.

    >> Damn box is only a month old and I do have an image from when I got it
    >> all set up that I could use. But, I'm wondering if these defender scans
    >> have come back negative, and I did remove the program I stupidly let
    >> them install, is it possible I got this all removed before any real
    >> damage could be done? What would I look for if they got in, and is
    >> there anything else I could do to make sure I'm clean other than using
    >> my backup image?

    >> My head hurts....

    > Best: Image backups. You said you have one, but maybe a month old.

    > Second best: System Restore, if you have restore points.

    > Third best: Reset Windows. You won't lose much after just 1 month.

    > I'd be leery of anything that installed for remote access. Could've
    > been they already stole your data files (docs), so your exposure depends
    > on what sensitive info is in your docs. They most likely focus on the
    > [My] Documents folder as looking anywhere else might expose their
    > scanning and grabbing.

    For now I did a system restore and monitoring. Thank you!

    --
    Science Doesn't Support Darwin. Scientists Do.


  • From Paul in Houston TX@3:633/10 to All on Friday, January 16, 2026 19:27:07
    sticks wrote:
    > On 1/16/2026 1:36 PM, VanguardLH wrote:
    >> sticks <wolverine01@charter.net> wrote:

    >>> I have been struggling since having full knee replacement 16 days ago.
    >>> Inadequate pain mediation for the first week, then the haze and fog of
    >>> continual medication usage. For the most part I realize I shouldn't be
    >>> doing anything that would require a proper mindset. That said...

    >>> Today I received an email that looked like it was from Social Security
    >>> Administration. It had a link to download your statement which I
    >>> unbelievably clicked. I went to downloads and there was an .exe file in
    >>> there. I thought that was odd so I did a Defender scan on it and it
    >>> said it was OK. Much to my amazement now, I clicked on it and it
    >>> installed something in the background and never did come back to show me
    >>> my statement. By now I was starting to realize I fucked up and started
    >>> looking for what to do.

    >>> I went in the settings/apps and there was a new app for remote desktop
    >>> and also remote printing which I uninstalled. I also uninstalled
    >>> another remote desktop thing that looked like it was the MS proper app,
    >>> but since I don't need that on this box I also uninstalled that.

    >>> I did the full Defender scan and it said nothing found. I then did the
    >>> offline Defender scan that is supposed to find and rid the system of
    >>> more difficult things. It also found nothing.

    >>> Damn box is only a month old and I do have an image from when I got it
    >>> all set up that I could use. But, I'm wondering if these defender scans
    >>> have come back negative, and I did remove the program I stupidly let
    >>> them install, is it possible I got this all removed before any real
    >>> damage could be done? What would I look for if they got in, and is
    >>> there anything else I could do to make sure I'm clean other than using
    >>> my backup image?

    >>> My head hurts....

    >> Best: Image backups. You said you have one, but maybe a month old.

    >> Second best: System Restore, if you have restore points.

    >> Third best: Reset Windows. You won't lose much after just 1 month.

    >> I'd be leery of anything that installed for remote access. Could've
    >> been they already stole your data files (docs), so your exposure depends
    >> on what sensitive info is in your docs. They most likely focus on the
    >> [My] Documents folder as looking anywhere else might expose their
    >> scanning and grabbing.

    > For now I did a system restore and monitoring. Thank you!

    Similar to Vanguard...
    When I make mistakes like that I do a system restore then fully scan
    both powered up drives from a Linux USB boot stick with Kaspersky Rescue
    disk. There are probably other scanners that use USB boot sticks.
    Depending on drives, it may take 4 to 12 hours for the scan.
    For mild concerns I use Eset online scanner... there are others.
    Remember, not all scanners are the same.
    If I am still concerned then I will restore from a weekly image or clone
    that is unplugged until needed.

    Knees: A co-worker has had both knees replaced in the last few years.
    He can play tennis again... and usually beats me.

  • From sticks@3:633/10 to All on Friday, January 16, 2026 20:45:31
    On 1/16/2026 7:27 PM, Paul in Houston TX wrote:
    > sticks wrote:

    ---snip---

    >> For now I did a system restore and monitoring. Thank you!

    > Similar to Vanguard...
    > When I make mistakes like that I do a system restore then fully scan
    > both powered up drives from a Linux USB boot stick with Kaspersky Rescue
    > disk. There are probably other scanners that use USB boot sticks.
    > Depending on drives, it may take 4 to 12 hours for the scan.
    > For mild concerns I use Eset online scanner... there are others.
    > Remember, not all scanners are the same.
    > If I am still concerned then I will restore from a weekly image or clone
    > that is unplugged until needed.

    I was not happy with doing only the restore point, so I went ahead and restored the macrium image.

    > Knees: A co-worker has had both knees replaced in the last few years.
    > He can play tennis again... and usually beats me.

    I am doing the best I can with the rehab exercises in hopes of being
    able to hike like I used to. I've had a hip and both shoulders done,
    and they are nothing compared to the knee replacement. Brutal!

  • From Frank Slootweg@3:633/10 to All on Saturday, January 17, 2026 16:27:11
    sticks <wolverine01@charter.net> wrote:
    [...]

    > I was not happy with doing only the restore point, so I went ahead and
    > restored the macrium image.

    Good on you!

    As to potential theft of your data: In our country (The Netherlands)
    we have an agency which keeps track of currently circulating spyware,
    etc. and has information on what malware does what. If you still have
    the e-mail (perhaps on your mail server (as you restored the Macrium
    image)), you could use (the information in) it to - try to - put your
    mind at ease.

    Good luck.

    [...]

  • From sticks@3:633/10 to All on Saturday, January 17, 2026 10:46:29
    On 1/17/2026 10:27 AM, Frank Slootweg wrote:
    > sticks <wolverine01@charter.net> wrote:
    > [...]

    >> I was not happy with doing only the restore point, so I went ahead and
    >> restored the macrium image.

    > Good on you!

    > As to potential theft of your data: In our country (The Netherlands)
    > we have an agency which keeps track of currently circulating spyware,
    > etc. and has information on what malware does what. If you still have
    > the e-mail (perhaps on your mail server (as you restored the Macrium
    > image)), you could use (the information in) it to - try to - put your
    > mind at ease.

    > Good luck.

    I checked all the folders and unfortunately it got deleted permanently.
    I like the idea of what they're doing. Crazy world where we have to do
    things like this to protect ourselves from criminals stealing our stuff.

  • From micky@3:633/10 to All on Monday, January 19, 2026 22:06:26
    In alt.comp.os.windows-11, on Fri, 16 Jan 2026 19:27:07 -0600, Paul in
    Houston TX <Paul@Houston.Texas> wrote:


    > Knees: A co-worker has had both knees replaced in the last few years.
    > He can play tennis again... and usually beats me.

    Wow. Do you think that would work for me?

  • From micky@3:633/10 to All on Monday, January 19, 2026 22:08:41
    In alt.comp.os.windows-11, on Mon, 19 Jan 2026 22:06:26 -0500, micky <NONONOmisc07@fmguy.com> wrote:

    > In alt.comp.os.windows-11, on Fri, 16 Jan 2026 19:27:07 -0600, Paul in
    > Houston TX <Paul@Houston.Texas> wrote:

    >> Knees: A co-worker has had both knees replaced in the last few years.
    >> He can play tennis again... and usually beats me.

    > Wow. Do you think that would work for me?

    I read Sticks's OP much earlier today and totally forgot he had had knee surgery. This was not meant to make light of that.
