Ex-Wife's Computer Hacked...

[mark02tj]

THANKS to all of you for the responses!!

I'm going to go ahead and run the malware programs to see if anything is left on the system. If so, I'll clean it up and then I'm going to do a system restore just to set everything back to the way it was. She was already running Norton for anti-virus so I need to get that key information off before I do the system restore.

Even though she's the "ex-wife", I will cut her some slack on this. She's generally pretty suspicious about stuff like this, but apparently this guy was pretty good and insistent. At least she called me during the incident and not afterwards when it was completely too late. On a positive note, she uses this computer for nothing but web browsing so there's no pictures (to be encoded and held for ransom), no personal documents, no financial information in either Quicken or Excel or pretty much anything else. About the only thing this guy could have gotten was information from the cookies but she doesn't store her passwords on the system so not sure what's really in there that this guy could have gotten.

Again, MANY THANKS for all the helpful advice!!

 

[MNBobcat]

I'm an expert on this stuff. Take it to someone who know's what they are doing. They may have installed a root kit on your PC. You really need someone who has experience.

 

[mark02tj]

Would reformatting the drive remove the root kit if one was installed?

 

[MNBobcat]

Would reformatting the drive remove the root kit if one was installed?

A normal windows root kit would be removed. But there are infections that can modify the master boot record. You can boot to recovery console with a Windows disk, and run "bootrec /fixboot" and "bootrec /fixmbr" to fix those.

I would recommend when reformatting to use a utility that writes all zeros to the drive.

But I actually don't recommend reformatting and reinstalling windows to people unless you truly can afford to start over with reinstalling your programs, etc. A good tech can almost always clean everything up without having to reformat and reinstall.

 

[greenmojo]

I work as a Windows System Admin for one of the largest banks in the world so let me chime in on sound advice on computing online.


Sounds like the iYogi scam call. She was scammed for sure-NEVER let anyone call you to tell you have a computer problem or a virus. Glad she changed her passwords because thats the first and smartest thing you can do.

Never store passwords on computer at least unencrypted. If your strapped for cash download a free AV in the least. I have been using AVAST! Free AV on all my computers and smart phones for 15 years now and it really does work better than any other free AV out there, tried them all.

Change password every 90 days if you can. Backup all your essential data on an external drive or CD\DVD and lock it in a safe (more of a disaster recovery prevention but also keeps clean data in the event of a hack\worm or visus).

Keep your home router locked-never leave it opened to public-in fact hide it all together (from broadcasting SSID)

Take advantage of online security sights new security features like secret questions etc. Even if they hack you and get your secret answer you will at least get notified that you changed your workstation or device by email.
Hotmail, yahoo, gmail offer free email so always carry at least two-one for play(make sure email name has nothing to do with your name or lacation) and the other for family communication etc.

There are more security measures like free Spybot, Adaware programs but staying diligent in websites you visit and never allowing anyone into you computer or device is the key to less headache later on.

+1

I own an information security company, we write intrusion detection software.

Those calls are more common than ever. If they hadn't yet, the next step was to have your wife download and install software to make his antics a little easier.

A bit frustrating, but if you are capable of backing up your personal data and re-installing, this is the course of action. If not, bother that techie family member (preferably the in-law, they love it). In the information security world, there isn't anyone who is skilled enough to remove the "potential" components of a compromise, by the simple rule that there are always smarter and more cunning individuals than you. By policy, a compromised system is wiped and re-provisioned, taking care not to restore the path to compromise.

Of course, everyone here is always available for help. Just ask.

~Moses

 

[Oaktree]

Something that hasn't been mentioned yet, but always a good idea is to create a user account that just has "user" privileges, not an admin. Won't make it impossible for malware to get installed, but it'll make it harder.

 

[cqaigy2]

I haven't been called by "microsoft", rather the choice around here is to say they are from "windows". Maybe they think that by using windows instead of microsoft, that the real microsoft won't put a bulls eye on them. I'd use dban on the hard drive and reinstall.