It has been a long time I posted here, but well...I'm back!
This time it is my mother-in-law's Windows 10 (Home Edition) computer that is the victim.
Earlier today she was browsing online for information on the presidential election primaries while using Mozilla Firefox and ended up on a page that gave her a warning about a virus or unwanted activity on the computer and a very loud piercing sire along with a phone number.
Yup! My 76 year old mother-in-law panicked due to the sound and called the number - 1-855-816-4648. The person that answered identified himself as being from Microsoft, with the name of Flea.
This person then proceeded to ask her all sorts of questions; what browser do you use? do you have Internet Explorer? What is your network? All of which she answered to the best of her ability, and then this guy asked for a remote session using GoToAssist from fastsupport.com. He poked around in the computer, but being a bit panicked and not technically saavy she was not sure what he was doing --- then called her daughters (including my wife) who immediately had her shut down the computer, hang up on the attacked and called me and got me on the line with Mom.
Unfortunately this person had unfettered control for a time period of maybe 15-30 minutes or more...I'm unclear. The assist session was opened at 2:36pm EST on 3/4/16 and I wasn't called until 3:36pm.
I advised her to leave the computer off, call the bank and credit card companies and get alerts on her accounts in case of theft....which she did, but only after turning the computer back on for an undetermined length of time (maybe 10 minutes) - during which she accessed files with account credentials (passwords too!) logged in to some accounts and was on the phone with the bank when I arrived -- I immediately unplugged it and took it home with me.
The computer is isolated, not on any network - I have a Malware-bytes scan running on it now, after which I would likely run Windows Defender scans to see what - if anything - is on the machine.
Looking at the security/system/application event logs I see some accounts elevation activity - which concerns me.
What steps would you very fine folks recommend I take to insure that this computer is root-kit, malware, virus, key-logger, etc. free?
I'm eagerly awaiting your advice.