This is an HP quad laptop with Win 10, brand new on Feb 1, 2016. I set it up all optimized, installed Office 360 and Trend Micro (not my recommendation, but they had already paid for it). I wrote down detailed instructions on how to DL, install, and run MBAM. But she never ran it. She is a literature geek who researches some very strange and esoteric stuff. But a luddite...
On Feb 27, her AV filtered some threats from a Tor redirect in Panama.
Then 2 weeks ago, she got a pop-up with audio warning her of many threats, etc., etc. She fell for it, and called them. They walked her through installing GoToAssist, then spent 30 minutes in her system doing God-knows-what. And then (happily) only charged her $150 on debit.
She finally got worried and contacted her bank. Then called me.
I can't find anything! Nothing! No apps, only a shortcut for GoToAssist, but the app is not installed... The event viewer only goes back to March 19, and there are no restore points. No history in any security software, and Malwarebytes (which she did install) was gone. Only a shortcut left.
I'm not sure what these bad guys call themselves, just "IT -something...". Can't find any traces of them.
So I ran MBAM, Spybot, ADW cleaner, and a few others. They found nothing. I mean NOTHING. They always find at least a few cookies, but NOTHING. ????
So I ran MBAR, and it found 6 rootkits (trojans, etc). Then I ran MBAM again, and it found one thing. So I ran MBAR again, and it found another, and now I'm assuming that I'd better reset the PC.
But huh? When she contacted her bank, did they remote back into her system and erase all tracks? How did they get GoToAssist off there? Only the shortcut was left.
Edited by Orange Blossom, 24 March 2016 - 12:44 PM.
Moved to AII. ~ OB