Hello again. It has been a while since I have had a PC on the bench. A neighbor called last night and said he had been hacked. The screen showed a message from MS with an 866 number to call. He did, and the "agent" had him do some things in DOS, I assume, since he said the screen went black.
Some history: the wife went onto either a Facebook or YouTube site with a bunch of numbers to play some kind of game; he could not define exactly what it was.
I am getting this Win 10 tower tomorrow. I plan on booting in Safe Mode and running CCleaner, Malwarebytes and PrivaZer, three apps to "clean" the disk that I am familiar with. I have also downloaded the latest Win 10 ISO from MS just in case I have to reload the OS.
First question: is the 866 number really MS? Second, your opinions on any other process I should run to make sure the hack is removed before a total reload of the OS.
I got the PC yesterday, and it did turn on, but it took a long time to boot. This is an HP Pavilion 6. It has a second partition with a Win 10 OS. Luckily I did not have to reload the OS. There was a DOS tab on the Start Menu. Opening it showed an ALARM with "Trojan" and a note for a bank. The owner has already changed his password for all personal web sites. Prior to this hack the owner, on my suggestion, purchased Webroot. That was running in the background along with MS Defender.
I updated and ran CCleaner. I also installed the free version of Malwarebytes. It found 10 PUPs. I also installed and ran PrivaZer; this found a lot of "stuff". There were some drivers that needed updating, and I took care of that. I informed the owner that it might be a good idea to purchase Malwarebytes soon as a precaution. I will leave that up to him. I am also suggesting he activate OneDrive as a backup.
I am confused that Defender and Webroot did not flag this virus.
Any suggestions for what I might do before returning this PC to him?
Well, I did all the scans and installed Malwarebytes. All seemed good until we tried to log onto his email. It seems the mail server password was corrupted. Not a big deal; I just called the ISP and had them reset the password.
I suggested that the owner purchase the full Malwarebytes just in case, since the scans did not find anything substantial.