Is there a trojan csrss.exe? If so how do I eliminate it.

Bruce SX said:

Belarc listed her Office version as 365

I'm done for in today. Thanks for everything...especially your patience.

I'll plug back in tomorrow and see if you are available.

Great. Then her subscription will be available in her MS account.

Ready when you are.

Bruce SX said:

I will be busy this morning until about 1pm your time. I've just finished breakfast, and I am preparing to head out. I'll check back in as soon as I return.

I took a set of photos, per your excellent suggestion, of the Belarc results.

If you are available when I return, cool. If not, I have lot's of time today after I return.

Respectfully,

Sounds good. I should be in and out...have some computer work to take care of today.

Bruce SX said:

I'm back, but not ready. My roomie is going to be awhile dealing with all her passwords. I'm going to let her use my pc to reset them all. I fear it may take some time. She opted to let her pc remember all her passwords for her but she hadn't bothered to record them.

I have stressed the fact that she needs to re-evaluate her log-in procedures so that this doesn't happen again in the future. For her protection. She understands.

It isn't all her fault anyway. Had it not been for my ignorance, in surrendering control of her pc to someone unknown, this situation may not have been necessary.

It really doesn't matter. Allowing your browser to remember your passwords is a very dangerous thing. All you have to do is visit a page with a malicious script that steals them all and you're screwed. A password manager is the only way to go.

She didn't by any chance use FireFox for her main browser, did she?

Bruce SX said:

No. She likes Google Chrome.

I, however, do use Firefox as my main browser. Should I be concerned? I ask as I was going to try and convince her to do the same.

I can get the passwords from Firefox easily, that's why I asked. I prefer Firefox - it's just a safer browser. I try not to use Chrome, so don't know off the top of my head how to get to the passwords in it (have to google that).

Open your Chrome browser and from the top right Chrome menu button, select Settings. Alternatively, you can simply type chrome://settings in the address bar and hit Enter. Scroll down and click on Show advanced settings. Now scroll down to the Passwords and forms section and click on the Manage passwords link.

Or, go to passwords.google.com if they are being synced.

Bruce SX said:

Maureen got around to changing most of her passwords this morning on my pc. She has been working all weekend so I didn't press to hard.

I should be ready to go by around 10am your time tomorrow(Monday) morning.

Again, I thank you for your patience in helping with this issue. Thanks to you there is light at the end of the tunnel. It will, however, enable me to move forward if it happens again.

On my pc I use lastpass(the free version). I will set her up with it on her notebook. I am also showing her the benefits of pc security.

Maureen asked me to relay to you her appreciation, and heartfelt thanks, for the assistance you've provided.

Best,

No problem. That sounds fine. I also use LastPass and am really pleased with it.

Maureen and you are very welcome. I am sorry this happened, but, in the end, it's a good thing we are able to recover from it, and that there wasn't more severe damage at the onset. I've had scammed computers with the SysKey set by the perpetrators, so that rebooting locked the owner out completely. (and, yes, there is a way out of that as well, but it's a bit involved.)

Just a few things for Maureen to think about:
It's good to change important passwords every so often (like email, banking, online retailers). The situation of Yahoo being breached, several times, without people finding out until months later, is one example where regular password changes help mitigate those problems, at least to some degree. Once a scammer has your email password, he'll start doing password resets on all your other accounts, and virtually begin to take over your online identity. Two-factor authentication is also recommended wherever it is offered.

Never "re-use" passwords. Each account should have a unique password, so that if one is breached, it doesn't give hackers access to other accounts as well. LastPass will auto-generate secure passwords for her in the future.

LastPass should only be logged in when you need to use it; otherwise it should be set to auto-log-off after a very short amount of time, and also upon browser close. The master password should be complex, (upper+lower case letters+numbers+special characters), but in a way that is easy to remember, and never written down. It also will sync to her smartphone, and should be used there as well. It is also possible to have it generate a one-time password, in case she gets locked out. Remember, LP information is encrypted, salted and hashed using very strong algorithms before it leaves your computer to go to their online servers, so even the employees never have access to your info. Previous hacks of LP servers have resulted in useless databases of gibberish.

-------------------------------
Post 6 has the prep info for the clean install. Once you've got the downloads finished, we'll walk through it.
Please be sure to have a list of her currently installed programs, so we can get her back up and running, verify W10 Home or Pro, (you indicated it was Home), grab the W10 key from ShowKeyPlus, and all data is backed up. Important: You will *NOT* be entering a key during the install.

Question: Does she log into her computer using her MS account, or a non-MS account? If she uses her MS account to login to the computer, this computer will show up on her device list in her MS account. Once the clean install is complete, there will likely be 2 systems in her device list. The old one can then be deleted. This is relevant because MS allow a maximum of 10 devices.