• Is a Windows Reset Sufficient After Scammers Have Had Remote Access?

    Home » Forums » Cyber Security Information and Advisories » Cyber Security for Home Users » Is a Windows Reset Sufficient After Scammers Have Had Remote Access?

    Author
    Topic
    #2587498

    If a fake tech support scammer has had remote access to a PC, will a Windows reset be sufficient,or should the computer’s hard drive be replaced? And should the computer owner purchase an Identity Theft protection service? Looking to advise a friend who gave access to his PC. Details (as much as he was able to provide) are below. Thanks for any ideas on this.

    A friend got what he described as a very serious red and white message on his PC that he could not clear, telling him to contact Microsoft Support at the provided number. He called, gave them remote access, and said the tech found problems on his PC which the tech  fixed. Also while connected remotely, the tech also had my friend access his Amazon account and his online banking accounts while connected via remote access to “verify that my friend’s accounts were still secure”.

    Viewing 11 reply threads
    Author
    Replies
    • #2587511

      No need to replace the hard drive. If your friend has a full image backup on a not connect external HDD or cloud service then he can fully restore from the image.
      If no backup your friend can wipe the HDD and clean install Windows and the apps. Data will be lost.
      Dealing with bank account and Amazon your friend should notify both on the hacks as well as his credit cards service , change passwords, cancel his credit cards…
      He should monitor all bank accounts transaction.

      2 users thanked author for this post.
      • #2587550

        Thanks for the suggestions. My friend is happy with the performance of his computer after whatever fixes the technician implemented, and is reluctant to take any action at this time. He has not noticed any unexplainable financial transactions on any of his financial accounts, so he feels all is well, and I am being an alarmist. I would not feel comfortable using that computer until it had been reset, but we all have differ3ent tolerances for risk.

         

         

    • #2587552

      As you say, we all make different assessments of risk, but the fact that your friend exposed his bank details to these “technicians” (i.e. scammers), means that his financial security has been seriously compromised

      If it was me, I’d maybe try one more time to get him to implement Alec’s suggestions. You’re not being alarmist, just realistically sensible

      2 users thanked author for this post.
    • #2587556

      You’re not being alarmist, just realistically sensible

      Exactly!

      It’s pretty much become SOP for hackers to wait 6 months or longer before using stolen account info to access anything specifically to lure victims into a false sense of “no harm done” so they’ll take no action to protect their now compromised accounts.

      Once enough time has past that the user has most likely completely forgotten all about the hacking incidence, the hackers will used the stolen access to hammered the user’s accounts at all once so there won’t be time to respond before the damage is done.

      I’d highly suggest your friend take the actions recommended by Alex ASAP.

      1 user thanked author for this post.
    • #2587576

      Thanks @NaNoNyMouse and @n0ads. If what @Alex5723 suggested is too extreme for my friend, would scanning and cleaning his PC using anti-virus and anti-malware tools be sufficient? He has the paid version of AVG.

    • #2587597

      I would not feel comfortable using that computer until it had been reset, but we all have differ3ent tolerances for risk.

      The hackers may have planted a rootkit tracking/tracing every keystroke or even joining his PC to a botnet.
      Without checking his connections in real-time using an app such as Wireshark he will never know what data is being taken by the hackers.
      It is also possible that a dormant ransomware have been planted to be awaken in the future.

      In the end it all depends on how much he values his privacy, data and his money.

    • #2587602

      In the end it all depends on how much he values his privacy, data and his money.

      He places a high priority on all of the above. He removed his wifi router for security reasons, even though no neighbors or streets were within range of his wifi. He is not tech savvy. He needs consistency in order to operate his PC. That is probably why he reluctant to do the Windows reset – he may not be able to get the PC configured the way it is now. Hopefully he will have a change of heart.

    • #2587606

      He removed his wifi router for security reasons

      He use cellular for Internet connection ? Or do you mean he blocked wi-fi and the router is connected by wire.

      • #2587611

        Or do you mean he blocked wi-fi and the router is connected by wire.

        He had a separate wi-fi router that he removed. He runs an Ethernet cable from the cable modem to his desktop PC. There are no wireless devices in the house other than his iPhone.

        1 user thanked author for this post.
    • #2587614

      He places a high priority on all of the above.

      My impression is that he values his PC’s settings above anything else.

      1 user thanked author for this post.
      • #2587629

        My impression is that he values his PC’s settings above anything else.

        Sort of. My analogy is that of a novice roller skater clinging to the railing at the edge of the rink to prevent themselves from falling. The lack of computer skills has him clinging to familiar desktops, menus, preference settings the same way the novice skater clings to the railing. A Windows reset will remove that “railing”, or at least temporarily remove it. I am hoping he thinks this over and agrees to a reset.

        1 user thanked author for this post.
        • #2587659

          I don’t want to be rude, but…. If your friend does not cancel all his credit cards, notify his bank, change all his passwords and reinstall Windows… he deserves whatever misfortune will come to him.

    • #2587705

      He runs an Ethernet cable from the cable modem to his desktop PC

      Then he is probably directly connected to the internet and open to all sorts of malware and script kiddie attacks.
      Put the router back and either set a good wifi password or turn wifi off. Also change the router admin password and make sure remote management is turned off.

      He also needs to change all Amazon / bank passwords, cancel cards and get replacements and then put a lock on his credit checks so they can’t use his stolen details to get new cards / accounts (identity theft).

      And reinstall Windows from scratch. No telling what back doors now exist on his machine.

      “All seems well” is not good enough when a bad actor has had full access to your machine!

      cheers, Paul

       

      5 users thanked author for this post.
    • #2587896

      Tech Support Scams on the Rise, Know the Warning Signs (aarp.org)

      This was a good article, thanks. From this thread he should:

      1. Change passwords (using a different computer)
      2. Activating two-factor authentication if not already implemented
      3. Cancel credit cards
      4. Notify banks
      5. Put a security freeze on his credit reports
      6. Put a router between the cable modem and the PC
      7. Format the hard drive and reinstall the OS and software,

      Should he purchase an identity theft protection service, too?

      • #2587902

        I only get those services when I know I’ve been hacked and the other company has paid for them.  I think items 2-5 will do you the most good rather than a security monitoring service but that’s my personal opinion.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2587903

      Yes, format and reinstall Windows. You can never be too careful.

      See this article on ID theft protection. Free monitoring may be enough.
      https://www.latimes.com/business/technology/story/2022-12-08/do-you-need-lifelock-identity-theft-protection

      cheers, Paul

      1 user thanked author for this post.
    • #2588057

      I passed along the “Tech Support Scams on the Rise, Know the Warning Signs ” article  which helped convince the user to get the hard drive reformatted and act on the other advice given in this thread. He just did not realize the damage that can be caused by trusting the wrong people.

      6 users thanked author for this post.
    Viewing 11 reply threads
    Reply To: Is a Windows Reset Sufficient After Scammers Have Had Remote Access?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: