I came into my house this morning and discovered someone had gained remote access through my VNC server. I scanned the event log and found the ip address to someplace in Romainia. The Command Prompt and Services windows were opened up. This was part of the last command in the command prompt: bitsadmin /transfer script.bat
It had been executed, but I was able to interrupt it with Ctl-C.
How can I know if they changed anything / got into anything?
Here are my FRST Logs.
I have found the script file they were trying to use and can put that here if you think it would be helpful. They were trying to use something called a "miner." Is there anyway to tell if they were successful?