• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 507
  • Last Modified:

User allowed a rogue support person access to her machine (random phone call) what scans to run now ?

Its an XP PC.

Caller claimed to be from Microsoft.
User realised caller was a rogue 5 mins or so after he remoted the machine

What scans to run on the PC?

So far Ive:

Ran AVG form boot / with updates - found 0
Kapersky emergency CD / with updates  - from boot - found 0  
MBam / with updates - loaded in windows
0
fcek
Asked:
fcek
2 Solutions
 
Robby SwartenbroekxMSP engineerCommented:
Mostly they use à remote control tool like teamviewer or ammyy admin. Then they open eventviewer to show you all the errors that are on your pc.
If the user realised it by now, there is no problem.
After that, they install a rogue virusscanner you have to pay to clean the pc. Normaly mbam find and deletes them.
0
 
John HurstBusiness Consultant (Owner)Commented:
Also make sure your user installs a very strong, paid, corporate AntiVirus/Firewall suite as further protection.

If the user can have their external IP address changed, they should do it. That will reduce the ability of the rogue caller to get back in on their own.

Nothing will stop installed rogue software until it is removed. It may be both reasonable and practical for your user for backup, format and install Windows fresh after the external IP has been changed. That will wipe out everything.

It is important to understand that the callers are criminals bent on stealing information if they can.

.... Thinkpads_User
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now