
Remote Assistance Scam Victim - advice needed


7 replies to this topic

#1 Andyclockwise

Andyclockwise

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 14 June 2015 - 05:26 AM

A friend has asked me to help her with her Acer Aspire 5734Z laptop running W7 HP. She was caught out by a very plausible confidence trickster who persuaded her to install TeamViewer 10 and got her to send money via online banking for a service. He then proceeded to empty her bank account. She has reported it to her bank etc. and they advised her to get help from an expert regarding her laptop and undoing the damage.

 

My initial thinking is to reset the laptop back to factory settings using the recovery partition, after backing up her data to a memory stick and scanning it for infection. Will this be safe enough, or could the recovery partition have been compromised too? Should I remove the hard disk and format and do a deep clean?

 

Any suggestions would be gratefully received.


Edited by hamluis, 14 June 2015 - 06:10 AM.
Moved from Win 7 to Gen Security - Hamluis.



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:18 PM

Posted 14 June 2015 - 09:45 AM

Hi Andyclockwise :)

If that thief simply installed TeamViewer 10 on her computer and that's how he got access to it the whole time, uninstalling TeamViewer is all you have to do. And even there, if he didn't set a permanent password on her computer, he won't be able to log back in until she gives him the ID and password again. So unless she has suspicions that the thief really infected her laptop with malware once he had remote control, there's no reason to do a Factory Reset or even perform malware removal on it.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Andyclockwise

Andyclockwise
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 14 June 2015 - 09:53 AM

Thanks Aura. Problem is she doesn't know if she's been infected. Also the laptop was running slow and probably needs a thorough spring clean. I'm thinking a factory reset might be the best way to go.

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:18 PM

Posted 14 June 2015 - 09:58 AM

I would go with a Factory Reset as well. It's rare for Recovery partitions to be infected but it's possible. However, without knowing if there's actually malware on the system, and if yes, what kind, it's just assumptions.



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:18 AM

Posted 14 June 2015 - 10:08 AM

I would suggest that she back up all of her important data to removable media, such as an external HDD, flash drive, DVDs, etc.

 

Using the System Recovery will revert the operating system to the condition it came out of the box. It will remove any programs which were installed after the first time it was turned on, all data, pictures, music, videos, games, email client and all stored correspondence, etc.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 Andyclockwise

Andyclockwise
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:18 PM

Posted 14 June 2015 - 10:29 AM

Thanks Aura and DC3. I'm going to suggest the factory reset after backing up the data, docs and photos. Will also suggest a scan after reset with Malwarebytes and Windows Defender.

#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:18 PM

Posted 14 June 2015 - 10:34 AM

If you want, you can include the Recovery partition in both scans and see if something is being picked up from there. Good luck with the reset, let us know how it goes :)



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:18 PM

Posted 14 June 2015 - 05:45 PM

You may want to read: How Do I Handle Identify Theft, Scams and Internet Fraud
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




