New
#1
Win7 notebook hit by "Microsoft Support" scam/Rootkit...
Hi All
A friend was caught by a "Microsoft Support" scam yesterday, they downloaded GoToAssist 3.1X on her HP Elitebook running Win7 Pro 64Bit on a Crucial MX300 SSD.
I rebooted into Safe Mode and deleted the GoToAssist, but when I rebooted into Windows the "Microsoft Alert" and chat window they used popped right back up on the Desktop, so I'm assuming there's a rootkit in the system.
The machine is currently off with Internet disabled.
Does anyone have any ideas of how to clean this out short of nuking the drive... there's stuff in there my friend would rather not lose if at all possible. (Yeah, she didn't back-up on a regular basis.)