currahee1

Honorary Members
  • Posts

    26
Everything posted by currahee1

  1. I will update those two issues. I think things might be under control now, but would welcome any additional security suggestions you may have for my dad's 3 computers while I continue to get them set up for use. Thanks a lot for all of your help @AdvancedSetup.
  2. Yes, this is my computer and not a new install. I am currently running Malwarebytes Free, not the premium version... although I'm strongly considering upgrading to Premium. I have changed my router's DNS server setting. I uninstalled CCleaner and Bonjour before running the Fix through Farbar. (log is attached). Fixlog.txt
  3. Okay, maybe third time is the charm. I uninstalled the antivirus in case it was causing issues. Addition.txt FRST.txt
  4. @AdvancedSetup I dropped you a PM in case my reply got lost in the shuffle the other day. Thanks again for taking a look at the logs for me.
  5. Sorry for the delayed response @AdvancedSetup, but I would appreciate it if you'd take a look at the logs (attached). Also, I've picked up the other two computers that received a clean install. Addition.txt FRST.txt
  6. I will be picking up Laptop 2 and the Desktop tomorrow. Both of them have received clean installs of Windows 10. I have scanned all USB drives and SD cards with Microsoft Safety Scanner and ESET, with nothing detected on any of them. I do have another question... I have another computer (my personal laptop) that was connected to my father's network several times during the period that the scammers had access. My laptop was never turned on, to my knowledge, at the same times that the scammers were connected to any of my father's computers that had Ultraviewer installed. Should I have any concerns about having had anything done to my laptop? I've run Microsoft Safety Scanner and ESET on my computer as well and they did not find anything. Thanks again for all of your help @AdvancedSetup.
  7. I ran Microsoft Safety Scanner and it found nothing. I uninstalled OneDrive, and created a System Restore Point.
  8. No, this is a different computer. The previously discussed computer was the desktop. This is a laptop that I'll call Laptop 1 since there's a second laptop as well (total of 3 computers involved). I've attached the requested logs. Do I need to run the Microsoft Safety Scanner and ESET on this computer again (last ran it after the factory reset/before the clean install)? Addition.txt FRST.txt
  9. Ugh, thank you for confirming what I suspected about the factory reset rather than a clean install. And thank you for the info about the Windows 10 to 11 update. I will try to do a clean install. Maybe this time I can wrap my head around the concept and understand it better. I would definitely appreciate all the help/tips/tricks that I can get. Yes, I did factory reset the router, and applied as many of your suggestions as possible.
  10. Hello @AdvancedSetup, My current state is as follows:
      - I am waiting to get the last laptop back from Geek Squad (had to have them replace a cooling fan on it). I expect it later this week.
      - I have run Microsoft Safety Scan and ESET full scans on all the computers currently in my possession.
      - I have run Microsoft Safety Scan and ESET custom scans on all of his USB drives and SD cards (except for one lost thumbdrive).
      - All scans are showing clean right now.
      Point of concern: I am not 100% sure that Geek Squad did a clean install of Windows on the affected computers. I think it could be possible that they may have only factory reset them. I say this because I specified that they install Windows 10 on the laptops, but the one that I have already received back has Windows 11 still on it... The scammer "upgraded" the two laptops from Windows 10 to Windows 11 as part of his IT guy scam, along with installing the "SQL server" that I mentioned earlier, which concerns me if Geek Squad only factory reset those two from the cloud. What are your thoughts about how I should proceed with that? I have attached the requested logs. Addition.txt FRST.txt
  11. Oh, okay. I misunderstood you @AdvancedSetup. I thought that you meant to scan every USB device with both Microsoft Safety Scanner and ESET (which I did). Do I need to scan all of those USB devices with this Windows Defender/PowerShell too (sorry, I'm a little lost at this point)? Or some other scan besides MS Safety Scanner and ESET?
  12. Thanks for the feedback @AdvancedSetup. I'm about to start scanning his SD cards now. The previous scan report was on the new computer, which is why it was so fast. Another question, is there a way to access the Microsoft Safety Scanner logs that are run after the first one? So far when I type in the destination that you gave me earlier in this thread, it just comes up with the information for the first scan (where I saved it as a .txt file).
  13. Thank you again @AdvancedSetup. I have completed the Microsoft Security Scan on the new computer (with USB hard drive plugged in after turning off AutoRun), and am running ESET as I type. I have attached the log for that, as you requested in your previous instructions. I do have an additional question/concern... My father has scanned and saved a lot of documents, pictures, etc. to SD cards during this time. Should I be concerned that these may be infected/compromised as well? If so, what step(s) do you recommend for cleaning these SD cards? Thanks. msert-newcomp.txt
  14. Thanks for the tip @Maurice Naggar. I'll definitely be sure to do that once @AdvancedSetup advises whether to go ahead and run the scans he mentioned prior to my update post yesterday, or prescribes additional measures first regarding the new computer that has been exposed to the potentially infected thumb drive.
  15. Thank you for all of your help so far @AdvancedSetup. I know you wanted me to include a scan report on this response, but I need to provide an update to see how I proceed before running that scan. My father purchased a new laptop through Best Buy, and he purchased the Geek Squad tech support package for more basic level support. Geek Squad is currently completing the wipe and clean installs on the previously affected computers as I type, since I didn't feel comfortable tackling that myself... Now, for the issue that necessitates the update... My father, despite my instructions, inserted the potentially infected USB thumb drive into his new laptop, supposedly scanned it with Malwarebytes, and then accessed at least one file on it. Should I plug both the thumb drive and the external hard drive into this new laptop and run the scans that you listed in your last reply now? Or are there additional steps that you recommend before I complete those scans? Thanks again.
  16. Thanks again @AdvancedSetup. Should I be concerned about spreading anything if I reuse the USB keyboards and mice that were attached to these computers? My parents have decided to replace at least one of the computers with a new one. Do you have any recommendations for setting it up, considering that it may be exposed to that external hard drive that was connected to one of the computers that had Ultraviewer installed on it? Thanks again.
  17. Update on resetting the router:
      - I could not find anything that specifically mentions "ICMP" pings, but the setting for "Respond to ping on internet port" (is this the same thing?) is not selected.
      - Router password has been changed to something stronger, and set to "WPA2-PSK [AES]". WPA3 was not an option (options were: WPA2-PSK [TKIP], WPA2-PSK [AES], WPA2-PSK [TKIP] + WPA2-PSK [AES], and WPA/WPA2 Enterprise).
      - Remote management disabled.
      - Could not find how to create separate WiFi groups, but will keep looking.
      - Changed network name.
      - Updated router firmware.
      - Set it to block TCP/UDP ports listed.
      - New passwords have been documented.
      If I'm not missing anything, I'll move on to performing the Clean installs.
  18. Thank you for your reply @AdvancedSetup. I intend to begin resetting the router and begin the clean installs on the known infected computers shortly. I apologize for all the follow-up questions, but as I dig into this situation, I keep finding out more details...
      - My father kept his backup external hard drive, a thumb drive, and an SD card plugged into the main infected computer, rather than only connecting them when needed. How would you recommend preventing the files on these items from infecting the clean install after I finish it?
      - Do you have any advice about how to handle another computer that was connected to the home network, but never had the Ultraviewer installed? I will be running Malwarebytes and CCleaner on it shortly.
      - There are two Android devices that I have learned about that were connected to the two infected laptops for "updates"... Do you have any recommendations for handling them?
      - Are there any concerns for Apple products (iPhones and iPads) that were also connected to this home network?