MrADeV
New Member
- Messages
- 1
- Location
- Gainesville FL
Hi everyone,
Like the title says, my uncle let someone in after getting a Facebook redirect. Got them for 500 some-odd dollars, installed things on their computer, cleaned it up, sold him three years of support, etc.
Financial precautions have been taken, card cancelled, LifeLock notified, all passwords changed everywhere, creditors notified to keep an eye on them, etc.
The "3rd party, hired by Microsoft" surprisingly left a functioning callback number and case reference number. They refuse to speak with me though. The support company is called "OKTechPay" (as if that wasn't a dead giveaway). They left a phone number in the system tray; I've never seen that before, kinda impressed at that bit.
I am trying to recover their computer at this point and I am actually at a little bit of a loss. These guys did a pretty good job of ****ing this thing up. Restore points are gone, .reg backup was cleaned out, a save was made after the penetration. The usual stuff isn't getting me anywhere.
I've let Malwarebytes take a crack at the machine with no results. I've had Avast do a boot-time scan that came back clean, excluding some things from HP's bloatware WildTangent Games.
I'd like to not do a full reset on the PC if possible; they have several years' worth of data in the computer.
Part of that data is pretty sensitive stuff, so if it's gotta go they trust me to get rid of it.
Any ideas for me to clean this mess up and look for backdoors and loggers?
Thank you.
My Computer
System One
- OS
- Win 7 Pro
- Computer type
- Laptop
- System Manufacturer/Model
- Dell E6530
- CPU
- Intel i5
- Motherboard
- Dell Proprietary?
- Memory
- 8 gb
- Graphics Card(s)
- Integrated
- Sound Card
- Integrated
- Monitor(s) Displays
- Dell 17" (x3)
- Hard Drives
- 5400 RPM 320 GB
- Internet Speed
- Varies
- Browser
- Mozilla FireFox
- Antivirus
- Symantec