Relative got scammed by 'Windows' cold call - how to ensure computer is safe?

  • closed
    closed Posts: 10,886 Forumite
    edited 15 January 2012 at 6:39PM
    Post a HijackThis log - you are probably worrying for nothing. Ask her to go into Event Viewer, and see if that's what they suggested.

    it probably has a factory restore partition for reinstalling windows, see the manual, and backup first.
  • mandragora_2
    mandragora_2 Posts: 2,611 Forumite
    http://www.microsoft.com/en-gb/security/online-privacy/avoid-phone-scams.aspx

    I hope this link helps. Microsoft take it seriously.
    Reason for edit? Can spell, can't type!
  • Bored
    Bored Posts: 390 Forumite
    Doesn't mean that you're home safe. You need to find a good app to hunt for rootkits.

    Any recommendations? This is out of my technical expertise. :p
  • http://public.avast.com/~gmerek/aswMBR.htm is one
    Don't bother with the update ....
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    http://public.avast.com/~gmerek/aswMBR.exe

    • Double click aswMBR.exe
    • Click no to the prompt to download Avast! virus definitions.
    • Click the Scan button.
    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt & post it here.
  • Never seen the Sophos one http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx
    TDSSKiller is ok too http://support.kaspersky.com/faq/?qid=208283363
    If they run, then it is probable that the PC hasn't got one of the latest incarnations
  • waddler_8 wrote: »
    http://public.avast.com/~gmerek/aswMBR.exe

    • Double click aswMBR.exe
    • Click no to the prompt to download Avast! virus definitions.
    • Click the Scan button.
    • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK when prompted. aswMBR.txt & MBR.dat will appear on your desktop.
    • Click EXIT.
    • Copy & paste the contents of aswMBR.txt & post it here.

    Thanks Waddler, my internet is a mare at the mo,
  • robmar0se
    robmar0se Posts: 1,328 Forumite
    Bored wrote: »
    Any recommendations? This is out of my technical expertise. :p

    A clean Malwarebytes report is very encouraging as it usually finds any stuff that is wrong; in 5 years I have had to get back to them three times on unresolved problems. Have a go with Combofix too - http://www.bleepingcomputer.com/combofix/how-to-use-combofix - if you get a clean report here you should be pretty comfortable.

    You could also try the tdss killer - although I haven't seen this rootkit loaded by these scammers - http://support.kaspersky.com/faq/?qid=208283363

    Also look at the list of programs in the add/remove programs list to see if Logmein, or teamviewer were installed - if not that is also a good sign that your Mum stopped them before they got too far.

    I have seen systems where logmein was present where harmless programs were also loaded eg Ccleaner, Auslogics Disk Defrag, and others. They are after the cash they can extort - I've seen from £113 to over £300 - and systems where internet banking etc is present, so that they can obtain the passwords etc. If your Mum doesn't do online banking then she won't be vulnerable. Keyloggers, which identify what the user is keying will almost certainly be picked up by malwarebytes/combofix.

    In summary have a go with Combofix and follow the tutorial given in the URL above.

    Good luck
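
The Add/Remove Programs check described in the post above can also be run from PowerShell. This is an added example, not part of any poster's reply: the date in `$since` is a placeholder for the day of the call, and the name pattern covers only the two remote-access tools named in the thread.

```powershell
# Added example: read-only check for remote-access tools and for anything
# installed since the scam call. It changes nothing on the machine.

$pattern = 'LogMeIn|TeamViewer'   # tools named in the thread; extend as needed
$since   = '20120114'             # PLACEHOLDER: day of the call, as yyyyMMdd

# The Add/Remove Programs list is built from these registry keys
# (64-bit, 32-bit-on-64-bit, and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

# 1. Remote-access tools present in the installed-programs list
$remoteTools = $installed | Where-Object { $_.DisplayName -match $pattern }

# 2. Anything installed on or after the call date. InstallDate is a yyyyMMdd
#    string, so a string comparison orders it correctly. Not every installer
#    writes InstallDate, so an empty result here is not proof of absence.
$recent = $installed |
    Where-Object { $_.InstallDate -match '^\d{8}$' -and $_.InstallDate -ge $since } |
    Sort-Object InstallDate

# 3. Services left behind by a remote-access tool, even if it was uninstalled
$services = Get-Service |
    Where-Object { $_.DisplayName -match $pattern -or $_.Name -match $pattern } |
    Select-Object Name, DisplayName, Status

'--- Remote-access tools installed ---'
if ($remoteTools) { $remoteTools | Format-Table -AutoSize } else { 'none found' }

"--- Programs installed on or after $since ---"
if ($recent) { $recent | Format-Table -AutoSize } else { 'none found' }

'--- Matching services ---'
if ($services) { $services | Format-Table -AutoSize } else { 'none found' }
```

The second list is where the otherwise harmless programs mentioned in the post would show up if they were installed during the call.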
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    After all these checks it really comes down to the user & the computer's use. You yourself have to be confident that the machine is trustworthy if someone may have had remote access, even in the face of "clean" scans.

    If you use the computer for online banking & there is doubt in your own head each time you use it - Then I would format & reinstall.
  • Bored
    Bored Posts: 390 Forumite
    Thanks for suggestions people, will follow advice and post results on here tomorrow.
This discussion has been closed.