
Computer Hacked! Advise please.


Sam Mcgoo


Unfortunately, while I was away working my wife fell for a scam over the telephone from 'Microsoft Windows Help desk' and her laptop was accessed remotely by the scammers. :headhurt:

 

Once she realised what was going on, she shut down and removed the battery. However, she says they were probably on there a good 10-15 minutes before she realised it was non-genuine.

 

So, we have informed our banks, credit cards etc and changed all internet passwords for every account I can think of. She also spoke to the police who referred her to Action fraud who took some details and gave us a reference no.

This was a couple of weeks ago now and there has been no suspicious account activity as yet.

 

Regarding finances etc is there anything else we need to do?

 

So, I would like to get the laptop up and running for her to use again and have done the following so far...

 

-Switched on in safe mode and rolled back to a system restore point a month before the event.

 

-re-enabled the firewall and antivirus that they had switched off. Also turned off remote access.

 

-Ran several scans using Kaspersky 2012, Malwarebytes and Superantispyware. About 13 things were picked up, trojans, vulnerabilities etc....but nothing that stood out as really bad (not that I know anything about it lol)

 

- Switched the wifi back on, connected to the internet and did all the Windows updates etc....

 

Those in the know......Is it safe to use again now? Or should I format the drives and start again?

 

If the latter, what's the best way to go about it? Do you just do the C drive?

 

Thanks in advance for any help.

Link to comment

If it were me, I'd take a couple of backups of any photos and important documents you want off the system (run them through a virus checker on another system), then format the drives and re-install software from scratch.

 

Also, if you have a fixed IP address assigned to your internet connection, ask your ISP if you can change it. Explain what's happened and hopefully they may do that for you. (If said scammers have your IP address, they may think you are a soft tap and try to find other ways back onto your system in the future.)

 

If you do rebuild your laptop, do not connect to the internet for any reason other than to install the latest Windows updates and update your antivirus software.

 

That should just about do it.

Link to comment

You've probably solved it, as most of the time they just use the remote access software to get the info they're after - however, I'd go with Chesterfield on this and, to be safe, start from scratch.

Link to comment

Chesterfield's advice is pretty sound. You may well have got rid of everything with the security software, but personally I'd want to re-format after someone having such an extended period of unrestricted access. At the end of the day the security software can only detect things that it knows to look for, and updates against new threats can take several days to be published and sometimes aren't fully effective until further updates have been applied on top.

 

I don't know how your home network is set up, but if it's as lax as some I've seen then it's possible that they could have had access to other machines on the same network through that laptop, so that's worth bearing in mind.

 

Hope they didn't get what they were after and you get it all sorted.

 

DB

Link to comment

If it were me, I'd take a couple of backups of any photos and important documents you want off the system (run them through a virus checker on another system), then format the drives and re-install software from scratch.

 

Also, if you have a fixed IP address assigned to your internet connection, ask your ISP if you can change it. Explain what's happened and hopefully they may do that for you. (If said scammers have your IP address, they may think you are a soft tap and try to find other ways back onto your system in the future.)

 

If you do rebuild your laptop, do not connect to the internet for any reason other than to install the latest Windows updates and update your antivirus software.

 

That should just about do it.

 

This.

Link to comment

Thank you very much for the prompt replies guys. :thumbs:

 

So you know the next question......how do I go about formatting the drives (Vista)? :blush:

 

Is restoring from a backup OK? Or is there a way to totally wipe them and start again?

 

There were no other computers in the house turned on at the time and we don't have any file sharing on so I assume they couldn't have accessed any others?

Link to comment

+1 on the format C and start from scratch. I actually got a call the other night from someone claiming to be from BT broadband advising me I had a virus and wanting remote access to fix it. I almost fell for it as well, as the night before I had been on the phone to BT about my broadband contract.

Link to comment

+1 on the format C and start from scratch. I actually got a call the other night from someone claiming to be from BT broadband advising me I had a virus and wanting remote access to fix it. I almost fell for it as well, as the night before I had been on the phone to BT about my broadband contract.

 

A similar thing made her fall for it.

That day she emailed me to tell me that the computer had ground to a halt to the point that it was almost unusable, then a few hours later she got the call........she assumed it was something I had organised for her. :doh:

Link to comment

If it were me, I'd take a couple of backups of any photos and important documents you want off the system (run them through a virus checker on another system), then format the drives and re-install software from scratch.

 

Also, if you have a fixed IP address assigned to your internet connection, ask your ISP if you can change it. Explain what's happened and hopefully they may do that for you. (If said scammers have your IP address, they may think you are a soft tap and try to find other ways back onto your system in the future.)

 

If you do rebuild your laptop, do not connect to the internet for any reason other than to install the latest Windows updates and update your antivirus software.

 

That should just about do it.

 

Couldn't have said it better myself..... better safe than sorry for the sake of a complete format and reinstall of your OS got to be the way to go :thumbs:

Link to comment

I have had a multitude of calls from the "Microsoft Windows Help Desk", Indian call centre, and yes, it's a scam but not in the way you might think. From what I've read this is an attempt to sell you some worthless antivirus software. They do this by highlighting any red x's and warning messages in the Event Viewer system log; anyone who knows anything about PCs will know that no matter how clean your system is these red x's will show up. They are nothing more than simple system errors.

 

 

However, this could be a new scam as I just tell them to (insert profanity here) when they phone these days.

 

 

Pete

Link to comment

I'm actually with JetSet on this - the scam is to sell you crap - doesn't stop them loading other bits though - one of our clients who recently fell for the same call had GoToMyPC installed and running on the system - this is not a virus so won't come up with a virus or malware scan but does mean they can log into your PC anytime - and a static IP or dynamic makes no difference....so as Chesterfield says, to be sure, format and reload.

 

@ Sam - If it's a laptop the Vista code should be on the bottom with the licence. Some laptops have a restore option, F8 or similar on startup; this should wipe the hard drive and restore it to the day you bought it, so when turned back on you will be asked to set it up again (make sure you have backups).

 

If you have the licence codes but no restore option or install disks drop me a PM I can get you a copy of most versions to reinstall from.

 

If you have a disk image style backup from before the hack then this should be safe to restore from.

Link to comment
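
The post above points out that a legitimate remote-access tool such as GoToMyPC will not show up in a virus or malware scan. As an added example (not part of the original thread), this PowerShell check lists such tools from the installed-program list, services and Run keys, and reports whether Windows' built-in remote access is on; the product-name list is an illustrative assumption and is not exhaustive.

```powershell
# Added example: list remote-access software that an AV scan will not flag.
# $patterns is an illustrative, incomplete list chosen for this example.
$patterns = 'GoToMyPC', 'LogMeIn', 'TeamViewer', 'Ammyy', 'VNC'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed programs: machine-wide (native and 32-bit view) and per-user.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$programs = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation

# 2. Services, including stopped ones that are set to start automatically.
$services = Get-WmiObject -Class Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $regex } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 3. Programs launched at logon from the Run keys.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        # Skip the PSPath/PSProvider bookkeeping properties PowerShell adds.
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name) $($_.Value)" -match $regex } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
    }
}

# 4. Built-in Windows remote access (Remote Desktop and Remote Assistance).
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$builtin = New-Object PSObject -Property @{
    RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)
    RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)
}

Write-Output '--- Installed programs ---'; $programs | Format-List
Write-Output '--- Services ---';           $services | Format-List
Write-Output '--- Run-key autoruns ---';   $autoruns | Format-List
Write-Output '--- Built-in remote access ---'; $builtin | Format-List
```

Run it from an elevated PowerShell prompt. An empty result only means that no name on the list matched, so it supports the decision to reformat rather than replacing it.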

Or take the opportunity to upgrade to Windows 7. (Check your system is compatible.)

 

With Windows 8 now available, Windows 7 will be cheap - and it's a LOT better than Vista. You could keep your system cleaner than the Queen's bathroom and have no software installed on it ever, Windows Vista will find a way of clogging itself up and running like a dog again within the week.

Link to comment

......................

You could keep your system cleaner than the Queen's bathroom and have no software installed on it ever, Windows Vista will find a way of clogging itself up and running like a dog again within the week.

 

I strongly agree with this statement :)

Link to comment

I have had a multitude of calls from the "Microsoft Windows Help Desk", Indian call centre, and yes, it's a scam but not in the way you might think. From what I've read this is an attempt to sell you some worthless antivirus software. They do this by highlighting any red x's and warning messages in the Event Viewer system log; anyone who knows anything about PCs will know that no matter how clean your system is these red x's will show up. They are nothing more than simple system errors.

 

 

However, this could be a new scam as I just tell them to (insert profanity here) when they phone these days.

Pete

 

I had read something similar, and Caroline did say that they were showing her all the 'problems' on screen and towards the end of it asked how long she wanted to be protected for, trying to sell her protection.

I just hope that's all it was. But I can't help wondering what information they could have gained while all this was going on. It was my old laptop and had a lot of financial documents/info still on it.

 

I'm actually with JetSet on this - the scam is to sell you crap - doesn't stop them loading other bits though - one of our clients who recently fell for the same call had GoToMyPC installed and running on the system - this is not a virus so won't come up with a virus or malware scan but does mean they can log into your PC anytime - and a static IP or dynamic makes no difference....so as Chesterfield says, to be sure, format and reload.

 

@ Sam - If it's a laptop the Vista code should be on the bottom with the licence. Some laptops have a restore option, F8 or similar on startup; this should wipe the hard drive and restore it to the day you bought it, so when turned back on you will be asked to set it up again (make sure you have backups).

 

If you have the licence codes but no restore option or install disks drop me a PM I can get you a copy of most versions to reinstall from.

 

If you have a disk image style backup from before the hack then this should be safe to restore from.

 

Thanks Chris for the info and offer :thumbs: I found a set of recovery disks and it turns out there was a recovery partition so I have restored it to factory.

I'm now just waiting for the 81 important Windows updates to install :yawn:

 

Or take the opportunity to upgrade to Windows 7. (Check your system is compatible.)

 

With Windows 8 now available, Windows 7 will be cheap - and it's a LOT better than Vista. You could keep your system cleaner than the Queen's bathroom and have no software installed on it ever, Windows Vista will find a way of clogging itself up and running like a dog again within the week.

 

I might just do that, I have Win 7 on my new lappo and it is far easier to use and does seem a lot quicker.

Link to comment

  • 2 weeks later...

I've had loads of these phone calls. Never fallen for it, but it would be easy to do so, especially if you did the "Send error report to Microsoft" just a day or 2 before.

I use Windows 7 at work, and it's so much faster than XP and Vista. I mean starting up a pc in 30 seconds used to be the thing of dreams not so long ago.

Link to comment
