Will a recovery disk wipe my hijacked pc completely?

Page 2 of 3

  1. Posts : 2,562
    windows 10 pro 64 bit
       #11

    After eRecovery... use Malwarebytes and MSE scans to make sure your computer is clean... some of those problems can write themselves into the recovery partition.


  2. Posts : 9
    Windows 7 Prof 64bit
    Thread Starter
       #12

    Hi Mike ... Sorry if I'm asking dumb questions but is there no chance of the recovery files being corrupted by the hijackers?

    I need to be 100% sure they will not be able to access remotely when I blitz and reinstall the Win & preload.


  3. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #13

    Hi McScooter,

    Sorry to hear about your misfortune - you have definitely come to the right place to get it fixed.

    Mike is correct : run Option 1. The default factory setting will wipe all existing data from the partition, and then "reinstall" everything back to the partition that was current the day you bought the laptop. Since this pre-dates the trouble you had, it is unlikely that there will then be traces of the “letmein123” on the system.

    However, Ivan has a good point : in the case of complex dialers/keyloggers it is possible that the recovery partition may have been infected. As Ivan suggested, you should scan the laptop once you have recovered from the factory settings. To do this please follow these steps:

    1. Download and install MSE here: http://www.microsoft.com/security_essentials/ - run a FULL scan
    2. Also, as an added layer of protection, run this online virus scanner: Free ESET Online Antivirus Scanner
    3. Download and install MBAM here: Malwarebytes - run both the FLASH, and the FULL scan

    Please ensure the virus/malware databases are up to date before running the scans (there will be an option in MSE and MBAM to update to the latest definitions).


    Please post back here once you have recovered to factory settings and performed those scans. There is one other security check I would like you to run after you have been able to recover and scan.

    Regards,
    Golden

    EDIT : Also perform these same scans on any backup devices (external USB drives for example) once you get to the point where you want to attach them to your laptop again.

  4.    #14

    Yes there is a possibility the Recovery Partition itself is corrupted, but the factory bloatware itself is another form of corruption which slows Win7 from being the feather light instantaneous OS it is.

    Here are suggested steps to getting a purrfect clean reinstall without the factory bloatware - allowing you to wipe the entire HD with zeroes to overwrite all factory code, corruption and infection: re-install windows 7

    If you need more time to find a clean installer and want to proceed with the Factory Recovery for now, here are tips to tame the bloatware until you can get completely clean: HP laptop has used up all four primary partitions

    You can also ask Acer Tech Support for a clean copy Win7 Installation DVD as they are actually required under their agreement with MS to provide one but find ways to avoid it so they can enforce the sponsored bloatware which provides their profit margin. Some have reported success by asking, however. If they take a hard line, then don't tell them if you clean reinstall so you can continue getting tech support.


  5. Posts : 9
    Windows 7 Prof 64bit
    Thread Starter
       #15

    Hi Golden .... I've run all the scans and the good news is nothing has appeared ... So, what next please?


  6. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #16

    Excellent.

    Please remember that you need to make the worst assumption that every USB device (external drives, thumb drives, sticks etc.) plugged into the PC is potentially also infected and should also be scanned with the same rigour as the PC. Likewise, if you had other laptops/PCs connected to the same network.

    The last test I would like you to run is a vulnerability check to intrusion on the ports of your router. To do this, please follow these steps:

    1. Open this web page https://www.grc.com/x/ne.dll?bh0bkyd2
    2. Select Proceed
    3. Select All Service Ports

    The site will now check whether you have any open ports on the router that can be used to gain access to your system. If you get the results as shown in the image, your system is locked down tight, which is the way you want it.

    The last thing I think we should do is ask one of the security experts here to have a look at my suggestions to make sure we haven't missed anything - I'll ask if anyone is available to do that for you.

    Please keep the following up and running at all times:
    1. Windows Firewall
    2. MSE
    3. MBAM (consider a purchase to have it resident in memory and auto updating)

    Regards,
    Golden
    Attached Thumbnails: Will a recovery disk wipe my hijacked pc completely?-capture2.png


  7. Posts : 6,349
    Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
       #17

    I have had HP computers in the past with recovery. I never had anything enter the recovery section.
    99.9% safe.

    Turn on Windows Firewall and download MSE. That will give you active protection.
    Then a run of Malwarebytes etc. when done installing is a good idea just for peace of mind if nothing else.

    Golden's above posting is right in that an ext HD or Flash drive being infected is highly likely.

    Mike


  8. Posts : 9
    Windows 7 Prof 64bit
    Thread Starter
       #18

    Hi Golden ... So I ran the app and all ports were found to be in stealth mode .. Good.
    However TruStealth failed as a ping reply was received back. Is that an issue I should worry about?

    Results from scan of ports: 0-1055

    0 Ports Open
    0 Ports Closed
    1056 Ports Stealth
    ---------------------
    1056 Ports Tested

    ALL PORTS tested were found to be: STEALTH.

    TruStealth: FAILED - ALL tested ports were STEALTH,
    - NO unsolicited packets were received,
    A PING REPLY (ICMP Echo) WAS RECEIVED


    Rgds ,,, Stuart


  9. Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       #19

    Hi Stuart,

    No, I don't think it's a big issue, but I wouldn't mind a second opinion on that.

    Am I right in saying you got your router from your ISP (or maybe they helped you set it up)? They leave these ports open so they can ping your router when you ring them for support. I close mine entirely so that I don't even seem to exist - it's the equivalent of removing your telephone number from the directory to avoid cold calls. If you want to place them into stealth, we can do that via the router - what make & model router do you use?

    Apart from that, you are locked down nice and tight now - it's looking good. Whilst we wait for a security expert just to review this, I suggest starting a scan of all your external USB devices.

    Regards,
    Golden


  10. Posts : 9
    Windows 7 Prof 64bit
    Thread Starter
       #20

    Hi Golden .... You are correct, I have a BT 2wire HUB (2700HGV Business HUB) and if it is possible I would like to be in complete stealth mode. The bad news is I now need to start on my WD NAS drive which was connected at the time; I work from home a lot and use this to link in if I'm away on business. Fingers crossed it's not infected ... b


 