Professional cleaning: what's involved?


  1. Posts : 209
    Windows 10
       #1

    Several weeks back, my brother, who is astonishingly naive about computers, got taken in by some malware on his computer. A screen came up which told him his computer had been compromised and advised him to call a specific number for help. *He actually called the number*. He fell hook, line and sinker for the entire scam, which involved him paying $350 for a five-year security maintenance package. A few weeks later, they called him and said his computer was infected again and it was their fault and they were going to refund his money; they claimed to have refunded 10 times the amount they owed him and wanted him to pay back the surplus, which he proceeded to do, via iTunes gift cards. I could hear his phone conversations with the scammers and knew something was up but he was sure that everything was fine; he even believed that he was going to get several hundred dollars bonus for all his time and trouble in helping them rectify "their mistake". (I told you he was naive.) Anyway, long story short, I finally persuaded him he was being swindled and got him to stop giving them gift cards; he ended up losing a good bit of money. We reported the incident to the police but were advised it was unlikely they would be able to do anything; they haven't called back since the officer was here to take the report.

    We spoke to the bank and got his password changed for his online banking - I think they had installed a keylogger on his computer and obtained his password and messed around with his bank accounts to some extent - and were advised to get a professional cleaning done on the computer before using it again; it has been offline ever since. He's strapped for money right now but would like to use the computer again.

    I'm willing to help him clean the computer - I'm reasonably proficient with computers - but before I tackle this, I'd like to know what exactly the bank was implying by a "professional" cleaning. In other words, what would a good computer store do if they had to clean up a computer that had been compromised in this way?


  2. Posts : 284
    Windows 10 Pro 64-bit
       #2

    You should report this to the FBI not regular police.

    Anything important on the drive? Boot off a Linux live CD, plug in an external drive and start backing up files.

    https://linuxmint.com

    As for your current installation, I’d probably just reformat the drive and reinstall. If you’re paranoid, you could zero the drive with DBAN or another offline destructive data erasure program and then format/install.

    DBAN will not work on SSDs.

    https://dban.org

    Alternatively, you could boot off Windows installation media and use diskpart to wipe the drive:

    https://neosmart.net/wiki/diskpart/

    If you’re super paranoid, buy/install a new hard drive and then reinstall Windows on that.


  3. Posts : 209
    Windows 10
    Thread Starter
       #3

    I would be quite surprised if he had any data that needed saving, given that he pretty much just uses it to play games, watch YouTube videos, and keep up with the news.

    The computer came with Windows 10 pre-installed and no disk. How could he reinstall the operating system without having any disks? (I strongly suspect he didn't make a backup of Windows at any point after he got the computer.) I assume there is some way to reinstall from the web but I don't know how we'd acquire the key unless he has some paperwork with the key on it from the place he bought the computer.


  4. Posts : 31,398
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #4

    RhinoCan said:
    The computer came with Windows 10 pre-installed and no disk. How could he reinstall the operating system without having any disks?

    It's called a Reset, Windows 10 can do a clean install using the existing system files as the source. If this is an OEM installed Windows 10, this will perform a 'factory reset', including any OEM customizations. There's a tutorial...

    Reset Windows 10


  5. Posts : 284
    Windows 10 Pro 64-bit
       #5

    Don’t worry about the key. It’s usually embedded in the BIOS and will be auto-detected. If you’re prompted to enter a key, select “don’t have it” and move on. It’ll activate when it hits the desktop and has an internet connection.

    You can download/create Windows installation media using the media creation tool from MS:

    https://www.tenforums.com/tutorials/2376-create-bootable-usb-flash-drive-install-windows-10-a.html

    Windows 10 is usually very good at detecting/installing the required hardware drivers. Any blanks can be filled in by downloading drivers from the manufacturer's website.


  6. Posts : 284
    Windows 10 Pro 64-bit
       #6

    Bree said:
    It's called a Reset, Windows 10 can do a clean install using the existing system files as the source. If this is an OEM installed Windows 10, this will perform a 'factory reset', including any OEM customizations. There's a tutorial...

    Reset Windows 10


    The HDD is potentially compromised, so the built-in restore functions can’t be trusted.


  7. Posts : 31,398
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #7

    The Reset should check the integrity of the source files it's using.


  8. Posts : 284
    Windows 10 Pro 64-bit
       #8

    Bree said:
    The Reset should check the integrity of the source files it's using.

    Nothing is 100% when dealing with malware. Unless I was an OS/security engineer, which I’m not, there’s no way I’d sign off on the drive as clean using the recovery functions of a compromised installation.


  9. Posts : 209
    Windows 10
    Thread Starter
       #9

    vram said:
    You can download/create Windows installation media using the media creation tool from MS:

    Create Bootable USB Flash Drive to Install Windows 10 Installation Upgrade Tutorials

    Windows 10 is usually very good at detecting/installing the required hardware drivers. Any blanks can be filled in by downloading drivers from the manufacturer's website.

    Are you proposing doing this step before or after running DBAN? It makes sense to me to run DBAN to clean up any lingering traces of whatever crap they put on his computer but would running DBAN destroy the possibility of using the media creation tool? And if I created the media *before* scrubbing the hard drive, could I count on getting a clean copy of the OS from the media creation tool?

    By the way, I just spoke to him and he *may* have a license key but he isn't sure and is in the middle of something so won't look for it right now. Therefore, I want to understand what I should do for both cases. You've told me what to do if he doesn't have a key - although you're still helping me with some follow-up questions - but I'm not sure what to do if he *does* have a key.


  10. Posts : 284
    Windows 10 Pro 64-bit
       #10

    Did the PC come with Windows 10 or was it an upgrade? Are you positive this PC has a traditional spinning hard drive and not an SSD? If SSD, DBAN is useless and you will have to use another tool for the job.

    Me personally, I’d be satisfied with deleting the partitions during the Windows installation process and let the installer format/install Windows. As mentioned, it’s about how paranoid you are with it.

    Assuming he has nothing to back up....

    1. Run DBAN

    2. Create install media using a clean PC. Do not use infected PC to create the media.

    3. Proceed to install Windows.

    If he happens to have the key, you can put it in during the install or after you get to the desktop. Chances are, it’ll activate on its own, no key input required. The license is tied to a hardware signature on MS servers as I’m told.
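Posts #2 and #10 both hinge on whether the drive is a spinning disk or an SSD before DBAN is run. The following is an added example, not from any poster in this thread, that answers that question from the Linux live session suggested in post #2 by reading the kernel's sysfs `rotational` and `removable` flags. The names `wipe_plan` and `make_sample` and the sample device tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide per disk whether a DBAN-style overwrite applies.
# sysfs exposes <dir>/<disk>/queue/rotational (1 = spinning, 0 = SSD/NVMe/eMMC)
# and <dir>/<disk>/removable (1 = removable media such as a USB stick).
# Caveat: an external USB hard drive may still report removable=0, so unplug
# the backup drive before wiping anything.

# wipe_plan [SYSFS_BLOCK_DIR] -> one line per whole disk: "<name> <plan>"
wipe_plan() {
    root="${1:-/sys/block}"
    for dev in "$root"/*; do
        [ -d "$dev" ] || continue
        name=${dev##*/}
        # Skip pseudo-devices and optical drives; they are never wipe targets.
        case "$name" in loop*|ram*|zram*|sr*|dm-*|md*) continue ;; esac
        rot=$(cat "$dev/queue/rotational" 2>/dev/null || true)
        rem=$(cat "$dev/removable" 2>/dev/null || true)
        if [ "$rem" = 1 ]; then
            plan="skip: removable media (e.g. the live USB stick)"
        else
            case "$rot" in
                1) plan="hdd: overwrite pass (DBAN-style) applies" ;;
                0) plan="ssd: overwrite tools unsuitable, use another tool" ;;
                *) plan="unknown: check the drive model by hand" ;;
            esac
        fi
        printf '%s %s\n' "$name" "$plan"
    done
}

# Constructed sample tree standing in for /sys/block (not a real machine).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sda/queue" "$d/nvme0n1/queue" "$d/sdb/queue" "$d/loop0/queue"
    echo 1 > "$d/sda/queue/rotational";     echo 0 > "$d/sda/removable"
    echo 0 > "$d/nvme0n1/queue/rotational"; echo 0 > "$d/nvme0n1/removable"
    echo 1 > "$d/sdb/queue/rotational";     echo 1 > "$d/sdb/removable"
    echo 0 > "$d/loop0/queue/rotational"
    echo "$d"
}

# On a live session this reports the real disks; elsewhere it prints nothing.
if [ -d /sys/block ]; then wipe_plan; fi
```

Some USB bridges misreport the `rotational` flag, so confirm the result against the drive's model number before choosing a wipe tool.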


 
