Idiot brother replied to phishing email..what to do next?

AbstractWool

My pillock of a brother replied to a phishing email supposedly from his bank. :mad:

He realised what he had done and contacted the bank and froze eveything. But what does he have to do to check that nothing suspicious has been left on his computer?

Thanks for any replies.

tesuhoha

When I had a virus on my computer my son installed a programme called malwarebytes and ran a scan. However, I would say that the most simple thing to do would be to go to system tools and do a system restore to a date before all this happened. I think it removes any software that has been installed since that date.

bengalknights

Tell him to backup all his data and then do a complete fresh reinstall of his operating system.

RussJK

AbstractWool wrote: »

My pillock of a brother replied to a phishing email supposedly from his bank. :mad:

He realised what he had done and contacted the bank and froze eveything. But what does he have to do to check that nothing suspicious has been left on his computer?

Thanks for any replies.

What exactly did he do? Did he fill in his details/password? Or did he just reply?

Don't do system restore yet. The bank is frozen so there won't be any money loss; you can see if anything's been installed if you do the following:

Download and run either HijackHunter or DDS, but make sure you run as administrator. HijackHunter produces a single log, which you should copy/paste into this thread (or PM me for an email address if you don't want to post into a forum). DDS produces two logs, which you should manually save. Only copy/paste the DDS.txt log.

HijackHunter here (http://www.novirusthanks.org/product/hijack-hunter/)
DDS here (http://www.bleepingcomputer.com/download/anti-virus/dds)

Download, install, update and run a QUICK scan with Malwarebytes Anti-Malware. Use this link in case of a browser Hijack:
http://www.users.on.net/~russ/mb.exe
(clean anything it finds, and post the full log please)

Run HitmanPro as a quick second opinion:
http://www.users.on.net/~russ/hmp.exe

RussJK

Feel free to ask any questions if you need to. Best to let us know exactly what you've done and if there were any problems. I'll have some other steps to take as well, but there's plenty there to do if you choose to.

AbstractWool

He filled in their questions! :eek: This is someone with a Phd!
Will ask him later and pm you...thank you! :T

RussJK

AbstractWool wrote: »

He filled in their questions! :eek: This is someone with a Phd!
Will ask him later and pm you...thank you! :T

Haha, oh dear.

Well any data loss has already occurred unfortunately, depending on the questions asked. I can help try to figure out the email itself installed any malware, but they've presumably already taken all the details they'd need for identity theft. All I can think is for the both of you to look at exactly what details he gave them, and then for your brother to use different details in future where possible. E.g. if he gave away your mother's maiden name, then that won't be so safe to use in future for financial services.

If you still have the phishing email, feel free to have your brother forward it to my email (I'll pm you) if he knows how to do it without opening it again, and I can have a look later on when I'm on a more secure PC than this one.

Pinkypants

Pity you can get a PHD in common sense!

macman

He doesn't have to do anything. A phishing scam is simply a false link sent as spam, it doesn't directly compromise your PC. If he's followed it to his bank and logged in, then they may captured his login details. If that has been dealt with, then there should be no other concerns.

paulstar

Sounds like a good time to get around to changing all your passwords too.