Most of the infection has been cleaned, I think he had every type of malware on his computer.
How long should ESET online scanner and MSE take to do a full scan?
I'm thinking about saving the documents he needs to his WD MyBook drive and wipe the computer, I don't think I'll be 100% sure I'll get all of it.
Don't bother scanning with MSE. A full scan takes several hours and never finds anything. Use Malwarebytes instead. That is a powerful scanner.
For saving the files, you can use this Linux tool and before you put them on the OneBook, scan them here. But there is a 128MB size limit. So you will have to do it in batches.
Maiwarebytes was the first scanner I used and it found 2700 items. After that I used other programs and they all found a couple items. He called me and said ESET finished, there were two items that weren't removed so I had him write them down so I could come by later and see what they are. I think he's going to run MSE just to see if it finds anything.
Any idea on why the proxy settings in IE kept changing?
I have to add, when he called that number, a person convinced him to let them gain control of the computer.
Am I better off just starting from scratch? He'll have customer info on this computer. He owns his own business.
Bad news. If they got control of his system, they probably stole everything. You must start from scratch and he has to change all his passwords.
I would make an image of the partitions that contain his data and recover the data later from there. Use free Macrium and not Windows imaging. Safest would be a virtual partition for the recovery process. Use Windows 10 TP in the virtual partition. It is free. If the virtual partition gets infected you can care less. You just delete it at the end of the operation.
You have to be extremely careful with those data files. Only Virus Total can make a really deep scan.
Can I save the needed files/documents/pictures to the WD external drive and scan that with a known clean PC (my netbook) and Virus Total? I don't care if my netbook gets infected (it won't be connected to my network either). I can then wipe his computer and reinstall Windows.
That a stranger got inside a business computer is something to be very very concerned about. I sure hope customer records, accounts information was not stored on said computer. That business needs a no-nonsense IT person that when IT speaks, everybody in the office listens.
That's one way of doing it. But a virtual machine would be less painful.
It is not very likely that the files are infected, but you never know what these guys do. I am more worried that they stole a lot of files and passwords. The passwords need attention asap. And if there is banking info in the system, talk to the bank(s).
He said there is no banking info on the computer. There are other users on the computer, wife and son. Should they change their passwords?
I'm going to ask him to gather all the discs for software he needs including Windows so I can do a reinstall. I need to make two profiles, him as the admin and his wife as a standard user.
One last thing. What is a good/free program to use that will allow me to login to his computer from my house should he need tech help?
Thank you.
Last edited by HAVOC; 01 Mar 2015 at 08:48.
I use teamviewer, light free and easy to use, doesn't handle dual displays that well but other than that I find it great
TeamViewer - Free Remote Control, Remote Access & Online Meetings
I'm going to sound very un-nice here, what are and why are family members doing non-business things on a business computer? Many many business advice sources indicate: business and family nonbusiness should never ever be mixed -- especially on desktops or laptops conducting business involving clients, vendors, and so on. I'm sorry if I come across harsh, I'm concerned.
Quote