opinion needed on hacked / bullying email and how to fix

[luckydriver]

last night ran spybot and malwarebytes and Kaspersky on my friends machine. I also looked through task manager and the running services. i'm far from an expert but there were no obvious issues to tell how someone got my friends email. my friends " friend/ex" (who also maintains her system for her for at least 6 years) called her last week and read an email to her which proved beyond a doubt someone was in my friends email account. the ex told her he 'got' the email from an anonymous account which was coincidentally the same one that I got email from a year ago bullying me about something. so we are pretty sure its her ex since he has total access plus a stranger hacking into emails would send out Viagra ads, right?

my friend did not know her password because he had it set up in outlook for her so she never needed to know it. also I confirmed through the web portal that the ex had his email setup as the password reset one.

so we answered all the security questions and set another email account to be the security one and we changed her password.

1. this was through msn, does he get notification that we are changing things since his email was the security reset? the site said that it will take a month to update and delete his email off the account and change it to my cell number. I just am curious if he gets confirmation what we are doing. my guess is yes? I just hope he doesn't get my cell number but he probably does have it

2. I unchecked the box in control panel for remote access. as long as that box is unchecked, are we sure that no one can remote access the machine ?

3. my belief is that since he knew her PW that he just went into her account and read emails but I was wondering other than remote access and knowing the password to her account, are there any other steps I should be taking to secure the account/computer?

4. I cannot access recent activity screen for a month. that's how long msn says will take to change this security info and by then all the recent activity will be gone along with proof he accessed from different IP. anything I can do about this?

5. I confirmed there were no forwarding rules in outlook or the webmail but of course he could have deleted them.

 

[bootcher]

1. If his email is the security email, he will get notified of all changes made to the account.
2. There are other ways to access a pc remotely, other programs.
3. At this point I wouldn't even consider using the email account anymore. Sign up for another email and send out an email to all contacts that your email has changed. The PC itself I would do a new install so that you know for sure there are no trojan horses/spyware/unauthorised programs installed anymore on it.
4. I don't know about this, you should contact your email provider for support on this matter.

I would also gather all evidence you may have and turn it into the police/proper authorities, since identity theft/unauthorized access to a computer is a crime. Especially since you have a good clue about who it is.

 

[luckydriver]

TY for the update. now he knows we are on to him but anyone would have to know if they had email breach, the person will change password.

2. ok I do know there are other programs to access the PC but I guess you are saying just unchecking that box is not a 'master' switch to kill remote access. which sucks.

3. new install probably wont happen. she's scared of losing stuff and that I wont know how to install her special program for her disability. he had her under his thumb as 'the' only person who could fix her machine but my guess is its just a regular install. he also has backups set to external drives every nite and I can just see her worried about me setting that. but i'm sure I could figure it out.

do you agree if we don't do a fresh PC that there's no point to getting new email since in theory he can get that new password as well? she had this one 'forever' and her computer is her life more than you or me even because of her disability. would be very hard for her to give up this email address.

doubt she will go to the police. he's already in trouble with the govt on other charges related to billing for services not performed and stuff and if he really did hack her email he is psycho based on what he did to me a year ago. so we don't need trouble at our doors but we do need him to just not have access to her email. she feels so invaded and so do I.

 

[bootcher]

I would still urge to do a new install, it is the only way to guarantee a clean uninfected pc. What can be convenient to guarantee no files are lost is buying a new harddrive to install the OS on. This way the old harddrive can remain on the the computer and no files are lost. All the software was once newly installed, so it can be installed again, it shouldn't be any problem.

As the emailaddress should have a new password and another email address as the security set, it should be ok once this is done.

Also I would still go to the police, especially in these cases it is important to have everything documented.

If you really don't want to do this right away you can try to install some firewall that monitor, block and report all network traffic, for instance comodo firewall or zonealarm firewall.

 

[luckydriver]

ok but if old drive is connected to the machine, wouldn't it still possibly reinfect even if I got new drive for the install?

 

[bootcher]

It would be possible but only if a program is executed from it, or a file containing a virus is opened. So before connecting the old harddrive again to the computer, make sure you have all latest updates installed and a good antivirus installed. When you connect the harddrive before opening anything do a full scan on it first.

 

[luckydriver]

ah ok gotcha. just wish i had definitive proof this is over now that we changed the PW so we could avoid all this. sigh. but her machine does bog down so maybe something is amiss anyway. has 4 gigs on it and even when less than half that is in use the machine locked up a lot with not responding software