Compromised PC - Advice please!

Kaone

New member
A friend (yes - honestly!) has allowed a scammer to have access to his win7 PC for 20 minutes and money has subsequently been taken from his Paypal account.

I've advised him to disconnect his PC from the internet until it's "clean" but I'd appreciate some advice on what is needed.

Would a complete re-install of Win7 be necessary?

Thanks
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Acer
OS
Windows 7 Home 64 bit
The first thing I would advise your friend is change all passwords of everything.
Use a known clean computer to do the password replacement.
Then your friend should notify all financial associations of the passwords being stolen.
Then check all accounts for any strange things of any kind.

Then I would do a Clean Install. It would take forever to figure out what the intruder did to the computer and what little goodies they left behind.

Please read these tutorials by Brink and Gregrocker.

http://www.sevenforums.com/tutorials/52129-disk-clean-clean-all-diskpart-command.html


http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html


http://www.sevenforums.com/tutorials/219487-clean-reinstall-factory-oem-windows-7-a.html
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
Thanks, Layback Bear. I've read the articles but there are a couple of things (at least) that I'm uncertain about:
1. The pc has just one disk, but a full clean can't be done over the OS. How do I get round this?
2. To reload Win7 all I have are the three recovery discs (DVDs) created when the PC was first set up. Can these be used to reinstall Win7?

Thanks
The pc is a Dell Inspiron 660. According to Dell's website the pc can be reset to factory settings via the F8 button at start-up. Would this be sufficient to restore the pc to a safe state?
Setting to factory settings should bring your computer back to the way it was when it was bought. If that is okay with the owner I would try it. The intruder probably never went into that partition where your factory settings are.
When done I would still scan the computer with many security scans.

Did you read the tutorials I posted?
He should also phone the police and let them know he's been scammed right in front of his face and tell them who it was.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
CPU
i7-4790k @ 4GHz (4.4GHz Boost)
Motherboard
ASUS Sabertooth Z87 (BIOS Rev 2004)
Memory
16GB DDR3 Kingston HyperX Fury @ 1600MHz CL 9-9-9-27
Graphics Card(s)
EVGA GTX 980 Classified
Sound Card
Realtek Onboard
Monitor(s) Displays
Samsung S27D390
Screen Resolution
1920 x 1080
Hard Drives
240GB Intel 520 Series SSD |
Samsung 850 EVO 120GB SSD |
2TB WD Caviar Black |
2TB WD Caviar Black |
2TB WD Caviar Green
PSU
Corsair HX850-80 Gold Modular
Case
Cooler Master Silencio 650
Cooling
Corsair H80i w/2 x Corsair SP120 | 2 x 120mm Noctua NF-S12B
Keyboard
Microsoft Sidewinder X4
Mouse
Gigabyte M6900 optical
Internet Speed
152mb
Antivirus
F-Secure
Browser
Firefox 38.0
Other Info
Backup Rig: Win 7 Pro 64-bit | AMD A10-5800k | ASUS F2A85-V Pro | 8GB Samsung DDR3 @1600MHz | 120GB Toshiba SDD | 2TB Seagate HDD | Cooler Master Silencio 550
Yes, I read the tutorials - please see my second post.

It sounds as though the reset to factory settings option isn't 100% safe? It would be awful if my friend lost any further money.
Hi Boozad, Yes he has spoken to the police and passed them all the details. Lloyds bank and Paypal have also been informed.
At least he should get his money back as long as he can provide proof to Paypal.

You can create a bootable USB stick using an ISO image of Windows 7 instead of using any disks you have. These will include Service Pack 2 and will save some update time once installed. You'd have to download the relevant ISO from here then mount that to a USB stick following Part 2 of this tutorial: http://www.sevenforums.com/tutorials/31541-windows-7-usb-dvd-download-tool.html

Then move onto the links Layback Bear posted.
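Before the downloaded ISO is written to a USB stick and used to rebuild a compromised machine, it is worth checking that the image matches the hash the download source publishes; a rebuild is only as trustworthy as the install media. The following PowerShell is an added example, not code from this thread or from the linked tutorials. The ISO path and the expected hash are placeholders to replace with your own values, and the hash must come from the page you downloaded the ISO from. It calls the .NET SHA256 class directly so that it also runs on the PowerShell 2.0 that ships with Windows 7, where Get-FileHash does not exist.

```powershell
# Added example: verify a downloaded Windows 7 ISO before writing it to USB.
# Uses the .NET SHA256 class so it works in PowerShell 2.0 on Windows 7
# (Get-FileHash only arrived with PowerShell 4.0).

function Get-FileSha256 {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $digest = $sha256.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha256.Clear()   # Clear() releases the hash object on PS 2.0 as well as newer versions
    }
    # Lowercase hex with no separators, the form most download pages publish
    ([System.BitConverter]::ToString($digest)).Replace('-', '').ToLowerInvariant()
}

function Test-IsoHash {
    param(
        [Parameter(Mandatory = $true)][string]$IsoPath,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256   # taken from the ISO's official download page
    )
    if (-not (Test-Path -LiteralPath $IsoPath)) {
        throw "ISO not found: $IsoPath"
    }
    $actual   = Get-FileSha256 -Path $IsoPath
    $expected = $ExpectedSha256.Trim().ToLowerInvariant()
    if ($actual -eq $expected) {
        Write-Host "OK: $IsoPath matches the published SHA-256."
        return $true
    }
    Write-Warning "MISMATCH for $IsoPath`n  expected: $expected`n  actual:   $actual"
    Write-Warning "Do not write this image to USB; download it again from the official source."
    return $false
}

# Placeholder values (assumed): replace with your own path and the hash published alongside the ISO.
$isoPath         = 'C:\Downloads\Win7_SP1_x64.iso'
$publishedSha256 = '<SHA-256 from the download page>'
Test-IsoHash -IsoPath $isoPath -ExpectedSha256 $publishedSha256
```

Run this on the clean PC that is building the USB stick, not on the compromised one, and only proceed to the USB tool when it reports a match.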
Paypal have made encouraging noises, but as he gave the scammer his password I'm not sure that they'll want to pay out. We'll see.

Thanks for the info regarding the bootable USB stick. I've had a quick look but it seems rather complicated.

Can the USB stick be created on my pc and then used to boot his?
Can the USB stick be created on my pc and then used to boot his?

Yes it can mate. Once you've downloaded the correct ISO and the USB tool it's really straightforward, especially following those tutorials.
The tutorials in my Post #2 are the best methods.
Because you and the members here don't know what the intruder did in your friend's system.
I don't know how us telling you and then you telling your friend will work in completing these tasks.
Who is going to complete this repair? You or your friend?

Hi Layback Bear,

Sorry if there was some confusion. My friend knows nothing about computers so I have volunteered to do it for him. I also set it up for him when he first got it. I've moved it from his house to mine as I suspect it could be a lengthy process. After a career in IT I've now been retired for nearly 20 years so my technical knowledge of today's PCs is sketchy; however, I can appreciate the risks posed when a professional hacker has had access. Your, and others', advice is greatly appreciated. Thank you.