Windows 10: Professional cleaning: what's involved? Solved

  1.    31 Dec 2017 #1

    Professional cleaning: what's involved?


    Several weeks back, my brother, who is astonishingly naive about computers, got taken in by some malware on his computer. A screen came up which told him his computer had been compromised and advised him to call a specific number for help. *He actually called the number*. He fell hook, line and sinker for the entire scam, which involved him paying $350 for a five-year security maintenance package. A few weeks later, they called him and said his computer was infected again and it was their fault and they were going to refund his money; they claimed to have refunded 10 times the amount they owed him and wanted him to pay back the surplus, which he proceeded to do, via iTunes gift cards. I could hear his phone conversations with the scammers and knew something was up but he was sure that everything was fine; he even believed that he was going to get several hundred dollars bonus for all his time and trouble in helping them rectify "their mistake". (I told you he was naive.) Anyway, long story short, I finally persuaded him he was being swindled and got him to stop giving them gift cards; he ended up losing a good bit of money. We reported the incident to the police but were advised it was unlikely they would be able to do anything; they haven't called back since the officer was here to take the report.

    We spoke to the bank and got his password changed for his online banking - I think they had installed a keylogger on his computer and obtained his password and messed around with his bank accounts to some extent - and were advised to get a professional cleaning done on the computer before using it again; it has been offline ever since. He's strapped for money right now but would like to use the computer again.

    I'm willing to help him clean the computer - I'm reasonably proficient with computers - but before I tackle this, I'd like to know what exactly the bank was implying by a "professional" cleaning. In other words, what would a good computer store do if they had to clean up a computer that had been compromised in this way?

  2.    31 Dec 2017 #2

    You should report this to the FBI not regular police.

    Anything important on the drive? Boot off a linux live CD, plug in an external drive and start backing up files.

    https://linuxmint.com

    As for your current installation, I'd probably just reformat the drive and reinstall. If you're paranoid, you could zero the drive with DBAN or another offline destructive data erasure program and then format/install.

    DBAN will not work on SSDs.

    https://dban.org

    Alternatively, you could boot off Windows installation media and use diskpart to wipe the drive:

    https://neosmart.net/wiki/diskpart/

    If you're super paranoid, buy/install a new hard drive and then reinstall Windows on that.

  3.    31 Dec 2017 #3

    I would be quite surprised if he had any data that needed saving, given that he pretty much just uses it to play games, watch YouTube videos, and keep up with the news.

    The computer came with Windows 10 pre-installed and no disk. How could he reinstall the operating system without having any disks? (I strongly suspect he didn't make a backup of Windows before at any point after he got the computer.) I assume there is some way to reinstall from the web but I don't know how we'd acquire the key unless he has some paperwork with the key on it from the place he bought the computer.


  4.    31 Dec 2017 #4

    RhinoCan said:
    The computer came with Windows 10 pre-installed and no disk. How could he reinstall the operating system without having any disks?
    It's called a Reset, Windows 10 can do a clean install using the existing system files as the source. If this is an OEM installed Windows 10, this will perform a 'factory reset', including any OEM customizations. There's a tutorial...

    Reset Windows 10

  5.    31 Dec 2017 #5

    Don't worry about the key. It's usually embedded in the BIOS and will be auto-detected. If you're prompted to enter a key, select "don't have it" and move on. It'll activate when it hits the desktop and has an internet connection.

    You can download/create Windows installation media using the media creation tool from MS:

    https://www.tenforums.com/tutorials/2376-create-bootable-usb-flash-drive-install-windows-10-a.html

    Windows 10 is usually very good at detecting/installing the required hardware drivers. Any blanks can be filled in by downloading drivers from the manufacturer's website.

  6.    31 Dec 2017 #6

    Bree said:
    It's called a Reset, Windows 10 can do a clean install using the existing system files as the source. If this is an OEM installed Windows 10, this will perform a 'factory reset', including any OEM customizations. There's a tutorial...

    Reset Windows 10


    The HDD is potentially compromised, so the built-in restore functions can't be trusted.


  7.    31 Dec 2017 #7

    The Reset should check the integrity of the source files it's using.

  8.    31 Dec 2017 #8

    Bree said:
    The Reset should check the integrity of the source files it's using.
    Nothing is 100% when dealing with malware. Unless I was an OS/security engineer, which I'm not, there's no way I'd sign off on the drive as clean using the recovery functions of a compromised installation.

  9.    31 Dec 2017 #9

    vram said:
    You can download/create Windows installation media using the media creation tool from MS:

    Create Bootable USB Flash Drive to Install Windows 10 Installation Upgrade Tutorials

    Windows 10 is usually very good at detecting/installing the required hardware drivers. Any blanks can be filled in by downloading drivers from the manufacturer's website.
    Are you proposing doing this step before or after running DBAN? It makes sense to me to run DBAN to clean up any lingering traces of whatever crap they put on his computer but would running DBAN destroy the possibility of using the media creation tool? And if I created the media *before* scrubbing the hard drive, could I count on getting a clean copy of the OS from the media creation tool?

    By the way, I just spoke to him and he *may* have a license key but he isn't sure and is in the middle of something so won't look for it right now. Therefore, I want to understand what I should do for both cases. You've told me what to do if he doesn't have a key - although you're still helping me with some follow-up questions - but I'm not sure what to do if he *does* have a key.

  10.    31 Dec 2017 #10

    Did the PC come with Windows 10 or was it an upgrade? Are you positive this PC has a traditional spinning hard drive and not an SSD? If it's an SSD, DBAN is useless and you will have to use another tool for the job.

    Me personally, I'd be satisfied with deleting the partitions during the Windows installation process and let the installer format/install Windows. As mentioned, it's about how paranoid you are with it.

    Assuming he has nothing to back up....

    1. Run DBAN

    2. Create install media using a clean PC. Do not use infected PC to create the media.

    3. Proceed to install Windows.

    If he happens to have the key, you can put it in during the install or after you get to the desktop. Chances are, it'll activate on its own, no key input required. The license is tied to a hardware signature on MS servers as I'm told.


 