My trusting husband fell for the scam where a pop-up window told him that there was a problem with his computer and to call a number pretending to be Microsoft. He called them and gave them remote access to our computer. He paid the $300.00 to fix the problem. Of course it was not Microsoft he was talking to. It was a "company" called ProTekt. I came home right after the computer had to be rebooted. At the point that I came in, Stopzilla (presumably) was waiting to be installed and the mouse cursor was moving around the screen. I immediately turned off the computer. The person he was dealing with started calling and has called a few times since, but I have not picked it up. We immediately drove to a safe computer (30 min drive) to reset all important account passwords. I called my credit card company and have also put a fraud alert with all credit reporting agencies. I disconnected the computer from the internet and took a look at what they did:
They uninstalled my virus software and installed what appears to have been support.com, wisecare, Malwarebytes, Total Uninstall 6 and Stopzilla software. They also seemed to erase all my Firefox settings. They created an "old firefox" folder. Who knows what they really loaded. I had previously been dealing with some drive errors that were preventing me from creating or using restore points. This is one reason my husband fell for the scam. He knew we had been having problems. Anyway, I decided to restore Windows 7 to factory settings. My computer did not come with disks so I did it from the restore program. I chose the complete reformat option. I did reluctantly allow Windows to install Norton because I was worried about not having any protection. I have run Norton, Malwarebytes and Avast and the system seems clean. I reset my router passwords and set my firewall to the highest level.
I am still feeling unsafe. Since Windows was loaded from the computer itself, could they have gotten to the restore file and put spyware on it? My understanding is that it is hard to do but that they could have installed something on my MBR. Could they have gotten into my email? What could they have done in it before I managed to change the password? Should I get a whole new email account? I have not seen any unusual activity in my email except that I just got a phony email pretending to be from PayPal telling me that my password and security questions had been changed. They wanted me to hit a link to get a phone number to call if I had not been the one to make the changes. Instead I went to paypal.com and got the number from there, where they told me that no changes had happened. That makes me feel that they at the very least got my email address. How concerned should I be? Should I just go get a new computer to put my mind to rest? I do not want to type any credit card numbers into the computer or log into any accounts out of fear that they will be able to see it. For example, PayPal suggested that I log into my account and change my password, but I do not want to do that if they can see what I am doing and will just get the new password. The credit card associated with PayPal has been canceled and the attached checking account was closed long ago, but I still feel uncomfortable doing anything like that. Am I being overly cautious?
The ProTekt people have called at least two times and let the phone ring once, maybe twice, before hanging up. Are they trying to see if they are able to still remotely connect? Their last call was on Friday.
I am sorry that this is so long. This has been a very stressful few days and my husband feels like such a fool. It is such a horrible feeling. Any advice would be appreciated.