Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Got back my stolen computer - what could thief have done?


  • Please log in to reply
5 replies to this topic

#1 The Constant Student

The Constant Student

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 06 August 2011 - 10:28 AM

Hello all,

A few months ago my house was robbed and my netbook (a Gateway LT3013u running Windows Vista Basic) stolen. The local detective did a great job - she found the thief, he confessed, and she retrieved the netbook and power cord and returned them to me.

When I turned on the computer, it was on the Windows Vista account creation page. Clearly, the thief had wiped the computer and reinstalled Windows in preparation for reselling it. The Windows Proof of License sticker was missing. I set up an account and checked the computer properties; it said that Windows had been activated and it had a product ID for Windows Vista Basic. Looking at the User Accounts, the account I created is the administrator, and there's a Guest account that's currently off.

My worry is that the thief may have also installed a keylogger or some similar identity theft tool, so I have not connected the computer to the internet. (I'm writing this on my work computer).

I would just do another Windows clean reinstall, but the Product Key sticker is missing.

My question is: what would you do in my situation? Am I being overly paranoid? To be truly safe, should I buy a new copy of Windows Vista Basic and install that? Would I be safe just getting a really good antivirus program and scanning the computer with that?

I would greatly appreciate any advice you can give me. Thanks in advance.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:08:05 PM

Posted 06 August 2011 - 10:56 AM

My first advice, albeit sounds bad, but I would recommend buying another copy of Windows Vista and using that key.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:05 PM

Posted 06 August 2011 - 12:42 PM

The product key is your license (not the physical cd) and exists as one way to ensure that you have a valid copy of the Windows. The key is a 25-character security code located on your Certificate of Authenticity (COA) and affixed to your Desktop computer or laptop. Microsoft stores this information in a database so that no one else can use your key on another computer. If you key has been lost or stolen, please contact Microsoft Customer Support and explain the circumstances. If you filed a police report, be sure to have a copy of the report with an incident number in case you are asked to provide that information.

How to obtain a replacement product key
If the software came preinstalled on your computer, please contact the manufacturer of your computer to obtain a replacement product key.

To replace a Microsoft product key for a product you purchased separately from your computer, you must contact Microsoft Customer Service and Support. To locate the appropriate telephone number, visit the following Microsoft Web site:
http://support.microsoft.com/contactus

Note When you contact Microsoft Customer Service and Support for a replacement product key, you may have to pay a fee. You may also have to provide information from your computer or from the product CD or DVD when you are speaking to the customer service representative.

How to obtain a replacement product key


IMPORTANT NOTE: If your computer was stolen and was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,665 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:05 PM

Posted 07 August 2011 - 07:12 AM

No, you're not too paranoid. You don't know what the thief intended to do to the computer.
And even if he didn't do anything knowingly malicious, he might still have infected the computer unknowingly.

I recommend you take this as an opportunity to reinstall your computer, and once you have reinstalled it (together with your applications), take a full disk backup so you can easily recover from a malware infection should this ever happen to you.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Required Field

Required Field

  • Members
  • 169 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:05 PM

Posted 08 August 2011 - 04:27 PM

"IMPORTANT NOTE: If your computer was stolen and was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity."
Too true.
After doing everything suggested above in quietman7's post, I'd contact the manufacturer and order the recovery disks for your system. With shipping, it probably won't be more than $20. If it's a netbook, though, you'll need an external optical drive (if you don't already have one.) Try here. https://secure.tx.acer.com/RCDB/Main.aspx?brand=Gateway
"Most quotes attributed to famous people on the internet are fake." -Abraham Lincoln

#6 The Constant Student

The Constant Student
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:05 PM

Posted 10 August 2011 - 08:54 AM

Thank you all for your advice!

Required Field, that's exactly the link that I used. It was given to me by a Gateway online chat help agent. I had to enter my SNID number to verify that I was a legitimate customer. You're also right about the price - $20.95 - so it's much cheaper than buying a new version of Windows 7.

When it arrives, I plan to use WinToFlash to copy the CD to a 4GB USB drive (since I don't have an external optical drive).

Didier, I also plan to follow your advice and do a full disk backup to an external hard drive once the computer's up and running.

I'm definitely glad that I'll have absolute peace of mind that no trace of anything the thief did will be left on the computer. Thanks again to all of you!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users