Clensing a computer after user allowed scammer access to their computer
Posted on 2016-11-07
I've had quite a few of these over the past few months. All Windows system. The user gets a persistent webpage directing them to call Microsoft or random phone call where the caller tells them their computer is doing something it shouldn't. Some users go as far to pay the scammer, allow remote access, etc.
When they contact me I'm scanning the drive by removing it from their machine and connecting it to my technical system. Normally nothing is found. Diagnosing with their hard drive installed on their machine scanning with Malwarebytes, RogueKiller, check for unwanted programs in add/remove programs, ensure nothing odd in startup under Msconfig.
Any better advice on tools I can use to scan with?
In some instances I've simply saved important user files then reinstalled Windows. Thanks in advance.