We got hit by a scammer who gained access to our computer and now I’m wondering what to do.
The computer is running Window 10 Home edition.
It was a classic scam. My son was working on his computer last night – writing a Google Doc on Chrome – when a window popped up that said he had a virus and he needed to call a Microsoft technician to fix it (855-281-5548).
He called… the guy, “Rick”, told him to go to logmeinrescue.com and start a session, so he did. The guy then got into the computer, fished around, and pulled up some files and showed a list of my son’s usernames and passwords… probably the one’s stored in Chrome?... and said the virus made the passwords visible and he needed to buy some firewall software for $300. That’s when my son called me. When he told me what was going on, I told him to unplug the computer immediately and hang up on the guy!
When I got home, I disconnected his computer from the internet and ran a virus scan (Avast internet security) which came up clean. My son changed all his passwords from a different computer. The rest of the computers on my home wifi network I changed the network settings to non-discoverable and no file sharing. They are all running Avast as well.
I saw that “Rick” had installed a logmeinrescue app as well as a program called Systweak. I removed them both. I looked through the Avast firewall log and saw that when “Rick” was first contacted, the first thing that happened was that a network rule had been created for HH.exe. Not knowing what else to do I deleted that file. I can see from the logmeinrescue log that Rick requested a bunch of information about the computer as well as three of files that belong to a game.
So, now that my family has learned a valuable lesson about social engineering, I have these questions:
1) How did he get to see user names and passwords? I had assumed they were encrypted if they were stored on Chrome. Is that something anyone can do?
2) Are the rest of the computers on my home network safe or are they compromised now as well?
3) What else do I do on my son’s computer to ensure there is no spyware, etc.? Can I trust Avast to catch anything that might be there? Is there another program that would be helpful? Do I need to do a full reinstallation of the OS?
Thanks for any help you can give!