Windows 7 Forums


Windows 7: I just got that call...

28 Feb 2015   #11
HAVOC

Windows 7 Professional 64bit
 
 

Most of the infection has been cleaned, I think he had every type of malware on his computer.

How long should ESET online scanner and MSE take to do a full scan?

I'm thinking about saving the documents he needs to his WD MyBook drive and wipe the computer, I don't think I'll be 100% sure I'll get all of it.


28 Feb 2015   #12
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Quote: Originally Posted by HAVOC
Most of the infection has been cleaned, I think he had every type of malware on his computer.

How long should ESET online scanner and MSE take to do a full scan?

I'm thinking about saving the documents he needs to his WD MyBook drive and wipe the computer, I don't think I'll be 100% sure I'll get all of it.

Don't bother scanning with MSE. A full scan takes several hours and never finds anything. Use Malwarebytes instead. That is a powerful scanner.

For saving the files, you can use this Linux tool and before you put them on the OneBook, scan them here. But there is a 128MB size limit. So you will have to do it in batches.
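The batching step described in the post above, as an added example that is not part of the original thread: it hashes every file in the folder of rescued documents and groups the files into batches that stay under the 128MB limit. Treating the limit as the total size of one upload is an assumption, as is the folder path passed on the command line.

```python
import hashlib
import os
import sys

LIMIT = 128 * 1024 * 1024  # the 128MB limit from the post, assumed to apply per upload

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def inventory(root):
    """Return (relative path, size, sha256) for every regular file under root."""
    items = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip links and special files; only real documents are rescued
            items.append((os.path.relpath(full, root), os.path.getsize(full), sha256_file(full)))
    return items

def plan_batches(items, limit=LIMIT):
    """Group files largest-first so each batch totals at most `limit` bytes.
    Files bigger than the limit are returned separately for hash-only lookup."""
    batches, oversize = [], []
    for item in sorted(items, key=lambda entry: entry[1], reverse=True):
        if item[1] > limit:
            oversize.append(item)
            continue
        for batch in batches:
            if sum(entry[1] for entry in batch) + item[1] <= limit:
                batch.append(item)
                break
        else:
            batches.append([item])
    return batches, oversize

if __name__ == "__main__":
    batches, oversize = plan_batches(inventory(sys.argv[1]))
    for number, batch in enumerate(batches, 1):
        for path, size, digest in batch:
            print(f"batch {number}\t{size}\t{digest}\t{path}")
    for path, size, digest in oversize:
        print(f"over limit\t{size}\t{digest}\t{path}")
```

A SHA-256 can be looked up on VirusTotal without uploading the file, so only files with no existing report need to be uploaded.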
28 Feb 2015   #13
HAVOC

Windows 7 Professional 64bit
 
 

Malwarebytes was the first scanner I used and it found 2700 items. After that I used other programs and they all found a couple items. He called me and said ESET finished, there were two items that weren't removed so I had him write them down so I could come by later and see what they are. I think he's going to run MSE just to see if it finds anything.

Any idea on why the proxy settings in IE kept changing?

I have to add, when he called that number, a person convinced him to let them gain control of the computer.
Am I better off just starting from scratch? He'll have customer info on this computer. He owns his own business.

28 Feb 2015   #14
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Bad news. If they got control of his system, they probably stole everything. You must start from scratch and he has to change all his passwords.

I would make an image of the partitions that contain his data and recover the data later from there. Use free Macrium and not Windows imaging. Safest would be a virtual partition for the recovery process. Use Windows 10 TP in the virtual partition. It is free. If the virtual partition gets infected you can care less. You just delete it at the end of the operation.


You have to be extremely careful with those data files. Only Virus Total can make a really deep scan.
01 Mar 2015   #15
HAVOC

Windows 7 Professional 64bit
 
 

Can I save the needed files/documents/pictures to the WD external drive and scan that with a known clean PC (my netbook) and Virus Total? I don't care if my netbook gets infected (it won't be connected to my network either). I can then wipe his computer and reinstall Windows.
01 Mar 2015   #16
RolandJS

Windows 7 Professional 64-bit
 
 

That a stranger got inside a business computer is something to be very, very concerned about. I sure hope customer records and accounts information were not stored on said computer. That business needs a no-nonsense IT person that when IT speaks, everybody in the office listens.
01 Mar 2015   #17
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

That's one way of doing it. But a virtual machine would be less painful.

It is not very likely that the files are infected, but you never know what these guys do. I am more worried that they stole a lot of files and passwords. The passwords need attention asap. And if there is banking info in the system, talk to the bank(s).
01 Mar 2015   #18
HAVOC

Windows 7 Professional 64bit
 
 

He said there is no banking info on the computer. There are other users on the computer, wife and son. Should they change their passwords?

I'm going to ask him to gather all the discs for software he needs including Windows so I can do a reinstall. I need to make two profiles, him as the admin and his wife as a standard user.

One last thing. What is a good/free program to use that will allow me to login to his computer from my house should he need tech help?

Thank you.
01 Mar 2015   #19
Pauly

Win7 Ultimate X64
 
 

I use TeamViewer: light, free and easy to use. It doesn't handle dual displays that well, but other than that I find it great.
TeamViewer - Free Remote Control, Remote Access & Online Meetings
01 Mar 2015   #20
RolandJS

Windows 7 Professional 64-bit
 
 

I'm going to sound very un-nice here, what are and why are family members doing non-business things on a business computer? Many many business advice sources indicate: business and family nonbusiness should never ever be mixed -- especially on desktops or laptops conducting business involving clients, vendors, and so on. I'm sorry if I come across harsh, I'm concerned.