• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Uncle let "Microsoft" remote in, help with Malware removal


#1
Hi everyone,

Like the title says my Uncle let someone in after getting a Facebook redirect. Got them for 500 some-odd dollars, installed things on their computer, cleaned it up, sold him three years of support, etc.

Financial precautions have been taken, card cancelled, LifeLock notified, all passwords changed everywhere, creditors notified to keep an eye on them, etc.

The "3rd party, hired by Microsoft" surprisingly left a functioning callback number and case reference number. They refuse to speak with me though. The support company is called "OKTechPay" (as if that wasn't a dead give away) they left a phone number in the system tray, I've never seen that before, kinda impressed at that bit.

I am trying to recover their computer at this point and I am actually at a little bit of a loss, these guys did a pretty good job of ****ing this thing up. restore points are gone, .reg backup was cleaned out, a save was made after the penetration. The usual stuff isn't getting me anywhere.

I've let MalwareBytes take a crack at the machine with no results. I've had Avast do a boot-time scan that came back clean, excluding some things from HP's Bloatware Wildtangent Games.

I'd like to not do a full reset on the PC if possible, they have several years worth of data in the computer.

Part of that data is pretty sensitive stuff, so if it's gotta go they trust me to get rid of it.

Any ideas for me to clean this mess up and look for backdoors and loggers?

Thank you.
 

My Computer

System One

  • OS
    Win 7 Pro
    Computer type
    Laptop
    System Manufacturer/Model
    Dell E6530
    CPU
    Intel i5
    Motherboard
    Dell Proprietary?
    Memory
    8 gb
    Graphics Card(s)
    Integrated
    Sound Card
    Integrated
    Monitor(s) Displays
    Dell 17" (x3)
    Hard Drives
    5400 RPM 320 GB
    Internet Speed
    Varies
    Browser
    Mozilla FireFox
    Antivirus
    Symantec

Bat 1

I QUIT !!!
Member
I QUIT !!!

Posts
533
#2
Most Tech Support Scammers are script kiddies But I wouldn't take any chances. If I was working on a PC that Someone or Something had been given Admin level control, especially given the statements, "they have several years worth of data in the computer.
Part of that data is pretty sensitive stuff" I'd put in a new HDD after clearing the BIOS and do a fresh install without the HP Bloatware.

Dock the old HDD and transfer the Data to the new one, then low level format the old drive and make a bootable Cloned Copy just in case something like that ever happened again.

You could just do a Factory Refresh after backing the Data to another drive and clearing the BIOS as well. If Malwarebytes and Avast boot-time scans come up clean, then there's prolly not anything to worry about, but it's always better to be safe than sorry.
 

My Computer

System One

  • OS
    ME

Users Who Are Viewing This Thread (Users: 0, Guests: 1)