GeekPolice Tech Tutorials

Scammed-need to clear computer of contamination!

Re: Scammed-need to clear computer of contamination!

Since 8.1 does not have a Start button (at least like win7),

8.1 was supposed to install the Start button. I downloaded and installed one myself from here and it's free.
I never scanned with Security Check…do you still want me to do that?

Yes, please but don't be surprised if 8.1 gives you problems with this also.
I need to know if you have any other problems with your computer?

Re: Scammed-need to clear computer of contamination!

Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Re: Scammed-need to clear computer of contamination!

Thank you for the tip on the Start Button! There is talk of a release in August that would have one for 8.1 and I have concerns about uninstalling it at that time....hopefully without issues....but this Start button looks great for the meantime!!!

Re: Scammed-need to clear computer of contamination!

My "infected" computer seems to be running fine as it has all along. My big concerns now are:

1. Why do I see a black run-type screen flash upon bootup once I am on the desktop screen? What is it and how do I get rid of it? This morning when it flashed, I caught "windows/system32/_____" and something else that I couldn't make out.

2. I'm concerned about anyone EVER getting into my computer remotely again, so I located System Properties folder> remote tab> and unchecked "Allow Remote Assistance to this computer">apply>OK... Is there someone out there that would need access without first discussing it with me?? Is this OK to not allow open access? Will this block these hackers who now know the codes in my computer from ever entering my computer by remote, again???? What is LogMeInRescue RC-something that allows them to reenter my computer?

3. After performing these scans, can I now trust my computer & browser to type in usernames and passwords at this point? use charge cards? make purchases??? Trust that someone isn't stealing my info?

4. When can I change out McAfee for Panda and what's the best way to remove all traces of McAfee?

5. What about all this software that was loaded onto my computer??? (please refer to my first post where I listed everything which is all still there even after the scans) Can I trust any of it?? or should I just trash it all??? I don't even know what half of it is!!! ...and some items in the folder look suspicious to me! Like the Notepad file with a gear on it or the Registration Entry (.reg); Windows Batch file, ICO file??....what are those all about???

The only thing I see that has changed was caught by adwcleaner and deleted: a user file called pokki, an icon that SEEMED like a start button on the task bar (shaped like a white silhouette of a house which I can not find in google searches) and another icon on the task bar that was another link to windows store but pink background with a different bag on it.

BTW, even though I uninstalled Malwarebytes and reinstalled YOUR free version, it comes up occasionally and starts scanning just like a licensed version! can I trust it???

...and on a bright note, this morning, after booting, the Mozilla icon reappeared....without having done anything (maybe it updated over night)!

I realize that we have been trying to establish that there is no malware or virus but all the above things REALLY bother me....I haven't been doing anything involving a username, PW or purchase on this new computer since this all happened-no email or social networking- just working with you and looking at stuff....but thanks for helping....

Re: Scammed-need to clear computer of contamination!

Windows 8 comes with its own AV called Windows Defender. If you wish to run McAfee instead Windows Defender should be de-activated. Having more than one AV active on a computer can cause conflicts.
why do I see a black run-type screen flash upon bootup once I am on the desktop screen? what is it and how do I get rid of it? This morning when it flashed, I caught "windows/system32/_____" and something else that I couldn't make out.

I'm not sure what that could be but you try running this tool by my buddy Broni. It should fix any anomalies in your OS.
I'm concerned about anyone EVER getting into my computer remotely again, so I located System Properties folder> remote tab> and unchecked "Allow Remote Assistance to this computer">apply>OK... Is there someone out there that would need access without first discussing it with me?? Is this OK to not allow open access? Will this block these hackers who now know the codes in my computer from ever entering my computer by remote, again???? What is LogMeInRescue RC-something that allows them to reenter my computer?

They shouldn't be able to access your computer unless you give them permission. As discussed in a previous post, they will need your permission. I would never give anyone access to my computer unless I knew and trusted them. I've never heard of LogMeInRescue RC but, from what I can find, it's some kind of method of logging into your computer from a remote site but I would imagine that you would have to have your computer set up in order to do this.
After performing these scans, can I now trust my computer & browser to type in usernames and passwords at this point? use charge cards? make purchases??? Trust that someone isn't stealing my info?

About the only way that your computer would be considered safe again is to re-format and re-install the OS or run the Recovery Console which will restore your computer back to the day you took it out of the box. I couldn't find any programs that were installed by this hacker but I wouldn't consider the computer safe. Your best bet would be to save your data and do a Recovery.

Re: Scammed-need to clear computer of contamination!

Will running the Recovery Console also automatically re-install the OS? It sounds like I need to do a Recovery...and that would delete all their stuff and make their presence disappear....correct?....and will it also delete my Adobe Photoshop/Premiere Elements? MS Office???? I have the disk for Adobe but I have a card for MS Office and originally there was an icon on the desktop to start the download...do you think that icon will reappear after recovery? Can you guide me through that or should I refer to Lenovo, or Microsoft?

Would bringing it back to a previous stored backup point do (because the first thing that this hacker did was to set a backup point!) or is the best thing to restore or reset or recover (I see all 3 of these terms being used)?


"I've never heard of LogMeInRescue RC but, from what I can find, it's some kind of method of logging into your computer from a remote site but I would imagine that you would have to have your computer set up in order to do this. "


Yes, I believe that they did do that!!!



Last edited by macmanetz on 11th May 2014, 6:53 pm; edited 2 times in total (Reason for editing : an after-thought & yet another after thought!)

Re: Scammed-need to clear computer of contamination!

Will running the Recovery Console also automatically re-install the OS? It sounds like I need to do a Recovery...and that would delete all their stuff and make their presence disappear....correct?...

Yes, it will restore your computer back to the day you purchased it. Any programs that the hacker installed will be gone.
and will it also delete my Adobe Photoshop/Premiere Elements? MS Office???? I have the disk for Adobe but I have a card for MS Office and originally there was an icon on the desktop to start the download...do you think that icon will reappear after recovery? Can you guide me through that or should I refer to Lenovo, or Microsoft?

You will need to make a note of the programs that you now have on your computer because they will have to be re-installed. You will also need to save all your important data to an external drive or DVD's.
Would bringing it back to a previous stored backup point do (because the first thing that this hacker did was to set a backup point!) or is the best thing to restore or reset or recover (I see all 3 of these terms being used)?

Doing a System Restore would not be as good as doing a Recovery.
In Windows 8 they call it Refresh and Reset. Here's more information about how to do that.

Re: Scammed-need to clear computer of contamination!

I guess I need to do a reset. Thanks for the link, it sure seemed easy to do but it was about 2 years outdated...I found a video on YouTube, also outdated but helpful, and I am currently reading a user guide. I have a question. If the hacker changed (and he did) something in the registry, that will all be undone and cleared also, right?

Re: Scammed-need to clear computer of contamination!

I guess I need to do a reset. Thanks for the link, it sure seemed easy to do but it was about 2 years outdated...I found a video on YouTube, also outdated but helpful, and I am currently reading a user guide. I have a question. If the hacker changed (and he did) something in the registry, that will all be undone and cleared also, right?

It's hard to believe that Windows 8 has been out that long. Yes, all the registry will be back to when it was new.

Re: Scammed-need to clear computer of contamination!

Sorry about the delay, but I had family issues out of state for weeks!
I finally reset/recovered my Windows yesterday (after doing a lot of research on this procedure) and am writing from that computer. All went very smoothly. All my personal files & apps were gone, as expected, as well as all the programs that the hackers installed, AND I no longer see the black box flash on the desktop upon boot-up (yay!-I think it had something to do with the command prompt).
I changed the password to my Microsoft account,
password to log into my computer,
the name of my computer,
my last name,
AND under system properties>remote tab>  I unchecked the box for "Allow Remote Assistance connections to this computer". Also, uninstalled McAfee Trial and installed Panda Antivirus that I have a license for....and downloaded Mozilla. But I still have some concerns:

1. When I made my selections for the reset, one option was to select just the drive that Windows was on (the C:drive) or all drives which included the D:drive Lenovo. I chose the first option because I figured that I needed the info on the D:drive to get back to factory specs.  Because I didn't reset the D:drive, containing factory specs, would my computer still be considered secure at this point or is it possible that something could have been installed there by the hackers??

2. Also, I selected a deep clean that would "take hours" (took a little over 2 hours) in order to really wipe things out. Oddly, when everything rebooted, the desktop was the pale blue solid color wallpaper like I had selected prior to reset and not the Lenovo photo that first came on it. AND the Start Screen displayed the customized patterned wallpaper background that I had pre-selected, again, prior to the reset (not factory specs). Upon the first Windows log-in, the same pre-selected photo that I had by user name/password came up....and I had to go to the MS account to change the photo. If everything was wiped clean, then why did these come up? or are these held in memory at the Microsoft Account online (I didn't see anything about the wallpaper/screen choices there)?

3. In light of #2 above, I want to be assured that all is wiped clean and am truly starting over with a clean slate. Have all restore points also been cleared (I saw him create a restore point and even know its name)? DLLs all reset? He left a folder that he worked from on the desktop that were things over my head....(besides installing 6 applications, he disabled UAC for admin, configuration settings for the desktop file, favicon-ICO file, windows batch file-Evntvwr Cleanr....) have they all been removed/reset, as it appears?

4. Pokki seems to be a free download that changes the start screen with a Start Button, etc. It was on my computer and was deleted as a possible virus with one of the first programs that you had me scan my computer with....and now it's on here again.  I do not see it on my apps page nor do I see their acorn icon in the task bar. But today, I suddenly see the little white house in the task bar again (I had previously asked you about this but you said you didn't know anything about it... It appears to be a start button and connected to the App store). But a search for Pokki definitely turns up files on my computer. Might this "house" be the results of Pokki?? Could it be something Lenovo included?? Might this be a border line virus conductive app and an antivirus would target it?

5. AND finally, I want to BUY a licensed version of Malwarebytes through your site. Which brings me to, can I feel safe/secure now to use a credit card (and make purchases, look at bank statements, etc) on this reset computer? Do you want me to download and run anything as a final check?  Should I redownload Adwcleaner, which got deleted?

I know that you were helping me with viruses and malware and I may be asking more than what might be your area of expertise. But I sure to appreciate any help you can pass my way. Thanks so much for being there.

Re: Scammed-need to clear computer of contamination!

and installed Panda Antivirus that I have a license for...

Don't forget to disable Windows Defender, the AV that comes with Windows 8.
Because I didn't reset the D:drive, containing factory specs, would my computer still be considered secure at this point or is it possible that something could have been installed there by the hackers??

The D drive is where you have the Recovery Console which you just used. I can't see any possibility of that drive being infected.
If everything was wiped clean, then why did these come up? or are these held in memory at the Microsoft Account online (I didn't see anything about the wallpaper/screen choices there)?

The only real way to wipe the drive is to choose Reformat.
Have all restore points also been cleared (I saw him create a restore point and even know its name)? DLLs all reset? He left a folder that he worked from on the desktop that were things over my head....(besides installing 6 applications, he disabled UAC for admin, configuration settings for the desktop file, favicon-ICO file, windows batch file-Evntvwr Cleanr....) have they all been removed/reset, as it appears?

Not being seated in front of your computer it's difficult for me to say for certain that they're gone but I would have to guess yes.
It appears to be a start button and connected to the App store). But a search for Pokki definitely turns up files on my computer. Might this "house" be the results of Pokki?? Could it be something Lenovo included?? Might this be a border line virus conductive app and an antivirus would target it?

I know nothing about this site but here's a reputable site with one review. When a free download is mentioned, one has to take that with a grain of salt. In other words, be a bit leery.
AND finally, I want to BUY a licensed version of Malwarebytes through your site. Which brings me to, can I feel safe/secure now to use a credit card (and make purchases, look at bank statements, etc) on this reset computer? Do you want me to download and run anything as a final check?  Should I redownload Adwcleaner, which got deleted?

It would depend on the site where you use your card. PayPal is dependable and it should be safe. My bank offers a free security app called Rapport Trusteer which you can configure to protect any site you want. It's very good. You could check with your bank to see if they provide it. You can download and keep AdwCleaner on your computer. Update it and run it on a regular basis.

Last edited by Superdave on 29th June 2014, 12:22 am; edited 2 times in total
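The helper's advice in this thread comes down to a few things the owner can check for herself after the Reset: that "Allow Remote Assistance connections to this computer" is really off, that Remote Desktop is not accepting connections, that no LogMeIn remote-support software survived, that only one real-time antivirus is active, and which System Restore points still exist. The script below is an added example written for this page; it is not from the thread or from any of the tools mentioned in it. It assumes an elevated (run-as-administrator) PowerShell prompt on Windows 8.1, where the registry values `fAllowToGetHelp` and `fDenyTSConnections`, the `Get-MpComputerStatus` cmdlet from the Defender module and the `Get-ComputerRestorePoint` cmdlet are all available; the "LogMeIn" match pattern is taken from the product name the thread mentions and is only an illustration.

```powershell
# Added example (not from the thread): read-only audit of the remote-access
# settings discussed above. Run from an elevated PowerShell prompt on
# Windows 8.1. Nothing here changes the system; it only reports.

$raKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Remote Assistance: fAllowToGetHelp = 0 is what unchecking
#    "Allow Remote Assistance connections to this computer" writes.
$ra = (Get-ItemProperty -Path $raKey -Name fAllowToGetHelp -ErrorAction SilentlyContinue).fAllowToGetHelp
if ($ra -eq 0) { 'Remote Assistance: disabled (good)' }
else           { 'Remote Assistance: ENABLED - uncheck it under System Properties > Remote' }

# 2. Remote Desktop: fDenyTSConnections = 1 means incoming RDP is refused.
$rdp = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
if ($rdp -eq 1) { 'Remote Desktop: disabled (good)' }
else            { 'Remote Desktop: ENABLED - review System Properties > Remote' }

# 3. Leftover remote-support software: look through the installed-programs
#    registry lists for anything whose display name matches the product the
#    thread mentions (pattern is an assumption for illustration).
$pattern = 'LogMeIn'
$uninstallKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$leftovers = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -match $pattern } |
  Select-Object DisplayName, InstallDate, UninstallString
if ($leftovers) { 'Remote-support software still installed:'; $leftovers | Format-Table -AutoSize }
else            { "No installed program matching '$pattern' found" }

# 4. A remote-support agent usually runs as a service; list any that match.
$svc = Get-Service | Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern }
if ($svc) { 'Matching services:'; $svc | Select-Object Name, DisplayName, Status | Format-Table -AutoSize }
else      { "No service matching '$pattern' found" }

# 5. Only one real-time antivirus should be active. Get-MpComputerStatus
#    reports whether Windows Defender's real-time protection is on; when a
#    third-party AV (McAfee, Panda) has taken over, Defender reports it off.
try {
  $def = Get-MpComputerStatus -ErrorAction Stop
  "Windows Defender real-time protection enabled: $($def.RealTimeProtectionEnabled)"
} catch {
  'Windows Defender status unavailable (module not loaded or Defender disabled)'
}

# 6. System Restore points: the thread asks whether the restore point the
#    scammer created survived the Reset. List whatever exists now.
$points = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
if ($points) { 'Restore points present:'; $points | Select-Object SequenceNumber, CreationTime, Description | Format-Table -AutoSize }
else         { 'No restore points found' }
```

The script only reads registry values, service state and restore-point metadata, so it is safe to run repeatedly; after a factory Reset the expected result is Remote Assistance and Remote Desktop both disabled, no matching programs or services, Defender's real-time protection reported off once Panda is installed, and a restore-point list that no longer contains the one the scammer created.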

Re: Scammed-need to clear computer of contamination!

and installed Panda Antivirus that I have a license for...

Don't forget to disable Windows Defender, the AV that comes with Windows 8.
Oh, my! I didn't realize that there already was an antivirus on Win8! I just did a search for Windows Defender, clicked on the icon and a speech box appeared saying that the app is turned off and is not protecting my computer. McAfee or Panda must have turned it off. Good, thanks for drawing that to my attention.

If everything was wiped clean, then why did these come up? or are these held in memory at the Microsoft Account online (I didn't see anything about the wallpaper/screen choices there)?

The only real way to wipe the drive is to choose Reformat.

I realized that I did not reformat the entire physical drive containing both the C: & D: drives, but you are also saying that it is unlikely that the D: drive was tampered with. So isn't reinstalling Windows 8.1 reformatting the C: drive??? You had said "About the only way that your computer would be considered safe again is to re-format and re-install the OS or run the Recovery Console which will restore your computer back to the day you took it out of the box." "Your best bet would be to save your data and do a Recovery." So I did do a Recovery from the Recovery Console. Please tell me you're really not suggesting that I actually reformat the whole drive and deal with partitioning. I was really hoping for a clean bill of health!

PayPal is dependable and it should be safe. My bank offers a free security app called Rapport Trusteer which you can configure to protect any site you want. It's very good. You could check with your bank to see if they provide it.

Thanks for that tip...I have paypal and I will look into the Rapport Trusteer.

Last edited by macmanetz on 29th June 2014, 1:35 pm; edited 1 time in total

Re: Scammed-need to clear computer of contamination!

So isn't reinstalling Windows 8.1 reformatting the C: drive???

Here's more information about wiping and re-formatting. You did the correct thing in using the Recovery Console and your computer can be considered safe to use.

Re: Scammed-need to clear computer of contamination!

THANK YOU SSSOOOO MUCH!!!!! Hooray! 

Re: Scammed-need to clear computer of contamination!

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.