• Is a Windows Reset Sufficient After Scammers Have Had Remote Access?

    #2587498

    If a fake tech support scammer has had remote access to a PC, will a Windows reset be sufficient, or should the computer’s hard drive be replaced? And should the computer owner purchase an Identity Theft protection service? Looking to advise a friend who gave access to his PC. Details (as much as he was able to provide) are below. Thanks for any ideas on this.

    A friend got what he described as a very serious red and white message on his PC that he could not clear, telling him to contact Microsoft Support at the provided number. He called, gave them remote access, and said the tech found problems on his PC which the tech fixed. Also, while connected remotely, the tech had my friend access his Amazon account and his online banking accounts while connected via remote access to “verify that my friend’s accounts were still secure”.

    • #2587511

      No need to replace the hard drive. If your friend has a full image backup on a disconnected external HDD or cloud service, then he can fully restore from the image.
      If there is no backup, your friend can wipe the HDD and clean install Windows and the apps. Data will be lost.
      Dealing with the bank account and Amazon: your friend should notify both of the hacks, as well as his credit card service, change passwords, cancel his credit cards…
      He should monitor all bank account transactions.

      2 users thanked author for this post.
      • #2587550

        Thanks for the suggestions. My friend is happy with the performance of his computer after whatever fixes the technician implemented, and is reluctant to take any action at this time. He has not noticed any unexplainable financial transactions on any of his financial accounts, so he feels all is well, and I am being an alarmist. I would not feel comfortable using that computer until it had been reset, but we all have different tolerances for risk.

         

         

    • #2587552

      As you say, we all make different assessments of risk, but the fact that your friend exposed his bank details to these “technicians” (i.e. scammers) means that his financial security has been seriously compromised.

      If it was me, I’d maybe try one more time to get him to implement Alex’s suggestions. You’re not being alarmist, just realistically sensible.

      2 users thanked author for this post.
    • #2587556

      You’re not being alarmist, just realistically sensible

      Exactly!

      It’s pretty much become SOP for hackers to wait 6 months or longer before using stolen account info to access anything specifically to lure victims into a false sense of “no harm done” so they’ll take no action to protect their now compromised accounts.

      Once enough time has passed that the user has most likely completely forgotten all about the hacking incident, the hackers will use the stolen access to hammer the user’s accounts all at once so there won’t be time to respond before the damage is done.

      I’d highly suggest your friend take the actions recommended by Alex ASAP.

      1 user thanked author for this post.
    • #2587576

      Thanks @NaNoNyMouse and @n0ads. If what @Alex5723 suggested is too extreme for my friend, would scanning and cleaning his PC using anti-virus and anti-malware tools be sufficient? He has the paid version of AVG.

    • #2587597

      I would not feel comfortable using that computer until it had been reset, but we all have different tolerances for risk.

      The hackers may have planted a rootkit tracking/tracing every keystroke, or even joined his PC to a botnet.
      Without checking his connections in real time using an app such as Wireshark, he will never know what data is being taken by the hackers.
      It is also possible that dormant ransomware has been planted, to be awakened in the future.

      In the end it all depends on how much he values his privacy, data and his money.

    • #2587602

      In the end it all depends on how much he values his privacy, data and his money.

      He places a high priority on all of the above. He removed his wifi router for security reasons, even though no neighbors or streets were within range of his wifi. He is not tech savvy. He needs consistency in order to operate his PC. That is probably why he is reluctant to do the Windows reset – he may not be able to get the PC configured the way it is now. Hopefully he will have a change of heart.

    • #2587606

      He removed his wifi router for security reasons

      Does he use cellular for his Internet connection? Or do you mean he blocked wi-fi and the router is connected by wire?

      • #2587611

        Or do you mean he blocked wi-fi and the router is connected by wire?

        He had a separate wi-fi router that he removed. He runs an Ethernet cable from the cable modem to his desktop PC. There are no wireless devices in the house other than his iPhone.

        1 user thanked author for this post.
    • #2587614

      He places a high priority on all of the above.

      My impression is that he values his PC’s settings above anything else.

      1 user thanked author for this post.
      • #2587629

        My impression is that he values his PC’s settings above anything else.

        Sort of. My analogy is that of a novice roller skater clinging to the railing at the edge of the rink to prevent themselves from falling. The lack of computer skills has him clinging to familiar desktops, menus, preference settings the same way the novice skater clings to the railing. A Windows reset will remove that “railing”, or at least temporarily remove it. I am hoping he thinks this over and agrees to a reset.

        1 user thanked author for this post.
        • #2587659

          I don’t want to be rude, but…. If your friend does not cancel all his credit cards, notify his bank, change all his passwords and reinstall Windows… he deserves whatever misfortune will come to him.

    • #2587705

      He runs an Ethernet cable from the cable modem to his desktop PC

      Then he is probably directly connected to the internet and open to all sorts of malware and script kiddie attacks.
      Put the router back and either set a good wifi password or turn wifi off. Also change the router admin password and make sure remote management is turned off.

      He also needs to change all Amazon / bank passwords, cancel cards and get replacements and then put a lock on his credit checks so they can’t use his stolen details to get new cards / accounts (identity theft).

      And reinstall Windows from scratch. No telling what back doors now exist on his machine.

      “All seems well” is not good enough when a bad actor has had full access to your machine!

      cheers, Paul

       

      5 users thanked author for this post.
      • #2587878

        And reinstall Windows from scratch.

        By “from scratch” do you mean reformat the hard drive and reinstall Windows? That would be preferable over a reset of Windows?

    • #2587896

      Tech Support Scams on the Rise, Know the Warning Signs (aarp.org)

      This was a good article, thanks. From this thread he should:

      1. Change passwords (using a different computer)
      2. Activate two-factor authentication if not already implemented
      3. Cancel credit cards
      4. Notify banks
      5. Put a security freeze on his credit reports
      6. Put a router between the cable modem and the PC
      7. Format the hard drive and reinstall the OS and software

      Should he purchase an identity theft protection service, too?

      • #2587902

        I only get those services when I know I’ve been hacked and the other company has paid for them. I think items 2-5 will do you the most good rather than a security monitoring service, but that’s my personal opinion.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2587903

      Yes, format and reinstall Windows. You can never be too careful.

      See this article on ID theft protection. Free monitoring may be enough.
      https://www.latimes.com/business/technology/story/2022-12-08/do-you-need-lifelock-identity-theft-protection

      cheers, Paul

      1 user thanked author for this post.
    • #2588057

      I passed along the “Tech Support Scams on the Rise, Know the Warning Signs” article, which helped convince the user to get the hard drive reformatted and act on the other advice given in this thread. He just did not realize the damage that can be caused by trusting the wrong people.

      6 users thanked author for this post.