Recently, I faced a serious security incident. Someone tried to access my accounts — PayPal, Steam, Google — and even attempted to take control of my PC. Here’s what happened and what I did to secure everything.
Step 1: Log Out the Attacker
I immediately cut off access using built-in Windows tools and Command Prompt (CMD):
net user
net user [username]
net localgroup administrators
net user [username] /active:no
I also used netplwiz (Windows + R → type netplwiz) to review accounts, attempt to remove the malicious user, and make sure only trusted accounts had admin rights.
Step 2: Change Passwords & Enable MFA
- Changed passwords on more than ten accounts, making them long and unique (15+ characters)
- Enabled Multi-Factor Authentication (MFA) wherever possible
Step 3: Boot Into Safe Mode & Scan for Malware
Safe Mode starts Windows with only a minimal set of drivers and services, which prevents most malware from running. I did the following:
- Restarted the PC → F8 / Shift + Restart → selected Safe Mode
- Ran Malwarebytes for a full scan and removed over 50 trojans
- Rebooted and re-scanned to confirm the system was clean
Step 4: Check & Secure All Accounts
- Reviewed login alerts and unusual activity
- Removed unknown devices from Google, Microsoft, and other accounts
- Checked email forwarding rules and recovery emails
- Ensured all accounts had strong passwords and MFA
Step 5: CMD & PC Security Cheat Sheet
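REM List all local user accounts
net user
REM Show details for one account (group memberships, last logon, whether it is active)
net user [username]
REM List members of the local Administrators group
net localgroup administrators
REM Disable an account (run from an elevated prompt)
net user [username] /active:no
REM Show users currently logged on to the machine, including remote sessions
query user
REM List running processes with the user, status and window title of each
tasklist /v
REM List connections and listening ports with the owning process ID (PID)
netstat -ano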
Other tools:
- netplwiz → review accounts and remove malicious users
- Safe Mode + Malwarebytes → clean malware
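The same Step 5 checks gathered into one read-only PowerShell pass, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later run from an elevated prompt, and the names in `$ExpectedAdmins` are placeholders for the accounts you actually trust.

```powershell
# Added example: read-only review of local accounts, administrators and
# network connections. Nothing here changes or removes anything.

# Assumption: placeholder names. Replace with the admin accounts you trust.
$ExpectedAdmins = @('Administrator', 'alice')

# Enabled local accounts (what `net user` lists, plus when each last
# logged on and last changed its password).
Get-LocalUser |
    Where-Object Enabled |
    Select-Object Name, LastLogon, PasswordLastSet |
    Format-Table -AutoSize

# Members of the local Administrators group that are NOT on the allowlist
# (what `net localgroup administrators` shows, filtered).
# The well-known SID S-1-5-32-544 is used instead of the group name so the
# lookup also works on non-English Windows installations.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { ($_.Name -split '\\')[-1] -notin $ExpectedAdmins } |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize

# Established TCP connections joined to the owning process. This is the
# manual step of matching the PID column of `netstat -ano` against
# `tasklist /v`, done in one table.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        # The process may have exited between the two calls; ignore that.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            PID     = $_.OwningProcess
            Process = $proc.ProcessName
            Path    = $proc.Path   # empty for protected system processes
        }
    } |
    Sort-Object Process |
    Format-Table -AutoSize
```

An unexpected entry in the second table, or a connection owned by a process running from a temp or user-profile path in the third, is what to look at first.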
Key Lessons Learned
- Use long, strong passwords (15+ characters)
- Enable MFA on every account
- Regularly scan your PC for malware
- Use Safe Mode + CMD tools + netplwiz to check and remove suspicious users
- Act immediately if you notice unusual activity
- Repeat scans and checks to ensure your system remains clean
Final Advice
Online security is a continuous habit. Regularly update passwords, enable MFA, scan your PC, check admin accounts, and stay alert. Quick and thorough action can save you from serious data loss and account compromise.