For every question, there's an answer -- and you'll find it here!


Printer-friendly copy
Top The PC Q&A Forum The Computer Forum topic #567208
View in linear mode

Subject: "After Hack Procedure" Previous topic | Next topic
wings515Sat Mar-26-22 02:48 PM
Member since Nov 24th 2004
587 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
"After Hack Procedure"


          

Hello Again,
It has been a while since I have had a PC on the bench. A neighbor called last night and said he had been hacked. The screen showed a message from MS with an 866 number to call. He did and the "agent" had him do some things in DOS I assume since he said the screen went Black.

Some history, the wife went onto either a Facebook or YouTube site with a bunch of numbers to play some kind of game, he could not define exactly what it was.

I am getting this Win 10 tower tomorrow. I plan on booting in Safe mode and running CCleaner, Malwarebytes and Privatizer. Three apps to 'clean' the disk that I am familiar with. I have also downloaded the latest Win 10 ISO from MS just incase I have to reload the OS.

First question, is the 866 number really MS? Second, your opinions on any other process I should run to make sure the hack is removed before a total reload of the OS.

Regards,
Dan Kahn

Dan K

  

Alert Printer-friendly copy | | Top

Replies to this topic
Subject Author Message Date ID
RE: After Hack Procedure
Mar 26th 2022
1
RE: After Hack Procedure
Mar 26th 2022
2
RE: After Hack Procedure
Mar 26th 2022
3
RE: After Hack Procedure
Mar 29th 2022
4
      RE: After Hack Procedure
Mar 29th 2022
6
RE: After Hack Procedure
Mar 29th 2022
5
RE: After Hack Procedure
Apr 02nd 2022
7

lenjackSat Mar-26-22 04:44 PM
Member since Nov 13th 2001
1582 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#1. "RE: After Hack Procedure"
In response to wings515 (Reply # 0)


          

I'm not an expert, but I don't believe MS, sends messages like this. In fact, I'm positive they don't.

  

Alert Printer-friendly copy | | Top

    
wings515Sat Mar-26-22 04:46 PM
Member since Nov 24th 2004
587 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#2. "RE: After Hack Procedure"
In response to lenjack (Reply # 1)


          

I was under that impression also but I just wanted to verify the 866 number was a scam. If the owner has the full number I think I'll do a search to see if anything pops up.
Thanks,
Dan

Dan K

  

Alert Printer-friendly copy | | Top

TtechSat Mar-26-22 10:01 PM
Member since Aug 06th 2002
10412 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#3. "RE: After Hack Procedure"
In response to wings515 (Reply # 0)


  

          

If it boots to a screen requiring a password, please take a picture and post it here, I may be able to help.

Behind every good computer... is a jumble of wires 'n stuff.

  

Alert Printer-friendly copy | | Top

    
wings515Tue Mar-29-22 01:56 PM
Member since Nov 24th 2004
587 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#4. "RE: After Hack Procedure"
In response to Ttech (Reply # 3)


          

I got the PC yesterday and it did turn ON but it took a long time to boot. This is an HP Pavilion 6. It has a second partition with a WIN10 OS. Luckily I did not have to reload the OS.
There was a DOS tab on the Start Menu. Opening it showed an ALARM with Trojan and a note for a bank.
The owner has already changed his password for all personal web sites.
Prior to this hack the owner, on my suggestion, purchased Webroot. That was running in the background along with MS Defender.

I updated and ran CCleaner. I also installed the free version of MalwareBytes. It found 10 PUP's. Also installed and ran Privazer, this found a lot of "stuff".
There were some drivers that needed updating and I took care of that.
I informed the owner that it might be a good idea to purchase MalwareBytes soon as a precaution. I will leave that up to him.
I am also suggesting he activate OneDrive as a backup.

I am confused that Defender and Webroot did not flag this virus.

Any suggestions that I might do before returning this PC to him?

Regards,
Dan Kahn

Dan K

  

Alert Printer-friendly copy | | Top

        
TtechTue Mar-29-22 11:07 PM
Member since Aug 06th 2002
10412 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#6. "RE: After Hack Procedure"
In response to wings515 (Reply # 4)


  

          

Quote:
I am confused that Defender and Webroot did not flag this virus.

What virus? Did your scans catch any viruses? Probably not, because this type of attack is known as a browser hijack. It exploits features built into the browsers.

2 things to do:

Disable notifications from all browsers. Start - Settings - System - Notifications & actions, scroll down and turn off notifications from all web browsers that are listed there.

Install the free Malwarebytes Browser Guard if it's available for the browsers in use.

Behind every good computer... is a jumble of wires 'n stuff.

  

Alert Printer-friendly copy | | Top

therubeTue Mar-29-22 04:09 PM
Member since Jan 22nd 2003
16604 posts
Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#5. "RE: After Hack Procedure"
In response to wings515 (Reply # 0)


  

          

Not knowing just what was done by the user...
Not knowing just what was done by "MS"...


My thought would be to nuke everything & start over again.


Reinstall Windows.
Reinstall your programs.

And take it from there.

--------------------------------------
BANK OF AMERICA.COM ONLINE BANKING SUCKS IN THE HUGEST WAY IMAGINABLE

Newegg.com's new image gallery layout sucks in the hugest way imaginable too !
And now they're using JavaScript to "turn" pages to boot ! SUCKS

  

Alert Printer-friendly copy | | Top

    
wings515Sat Apr-02-22 03:10 PM
Member since Nov 24th 2004
587 posts
Click to send email to this author Click to send private message to this authorClick to view this author's profileClick to add this author to your buddy list
#7. "RE: After Hack Procedure"
In response to therube (Reply # 5)


          

Well I did all the scans and installed Malware Bytes. All seem good until we tried to log onto his email. Seems the mail server password was corrupted. Not a big deal, just called the isp and had them reset the pw.

I suggested that owner purchase the full Malware Bytes for a Just In Case since the scans did not find anything substantial.

Thanks for all the replies.
Regards,
Dan Kahn

Dan K

  

Alert Printer-friendly copy | | Top

Top The PC Q&A Forum The Computer Forum topic #567208 Previous topic | Next topic
Powered by DCForum+ Version 1.27
Copyright 1997-2003 DCScripts.com
Home
Links
About PCQandA
Link To Us
Support PCQandA
Privacy Policy
In Memoriam
Acceptable Use Policy

Have a question or problem regarding this forum? Check here for the answer.