Seeking Extra Solutions to Infected Machine


Breakthechains

My mother's computer has been compromised. She fell victim to a fake Microsoft phone call, in which they proceeded to use a fake Microsoft chat window to remotely control her computer. After coming upstairs I realized what was going on and intercepted. I told her to turn her computer off and hang up. From there she waited months before using it again, but did finally use it again to make an online purchase with her debit card, and unauthorized purchases proceeded to show up. The card was frozen, the charges were resolved, and she received a new card.

However, there is obviously still spyware and/or viruses installed on her computer.

My plan is to upgrade the motherboard so I can flash it and wipe it clean, as well as to delete all of the partitions on her hard drive and do a clean install of Windows, including a password change for all accounts.

This thread is for the following: Are there any other changes or moves that I should make to be 110% sure that her computer is entirely serviceable, clean, and safe again? Anything I need to do, or should do, other than what I have already mentioned above?

Even if I follow through with the above plan, is it possible that they could still have any information that would allow them to compromise the computer again?

Thank you all in advance. Any help will be much appreciated. :)





 

Hlsgsz



If you boot off of a Windows DVD/USB and do a wipe of the HDD and a clean install, all will be alright. Another point of weakness could be the router, if there were admin login details saved or used on that PC, so I would change those as well as disable remote management.

EDIT: You do not need to upgrade the motherboard.
 

aford10

I wouldn't encourage you to wipe the PC and replace hardware, but if you want to go that route, no problem. If you want to be that sure, you can download DBAN and do a DOD wipe of the hard drive(s) to make sure nothing is left behind.
 

Hlsgsz



DBAN would be a little overkill, no?
 

sublimaze

A DBAN wipe is adequate if you want to keep that hard drive. Or you could just buy a new HD, do a fresh OS install, and you'd be good to go. But no need to replace the motherboard unless you have money to burn or you want features that are not present on the old motherboard (more expansion ports, built-in WiFi, etc). The old motherboard does have malware stored on it. All malware resides in the HDD or RAM, not the motherboard.
 

Breakthechains

Let me clarify.... I will not be changing or upgrading any physical components. When I said upgrade the motherboard I was referring to upgrading the firmware.

I have read that when you upgrade the firmware on a motherboard it flashes/re-flashes the motherboard, effectively wiping all of the memory stored on the motherboard, and thus starting fresh. Although motherboard viruses are uncommon, I think doing this would be worth my time, just to be sure I eliminate everything.

Am I right about this? ^^^^^

About RAM viruses... I've also read that once you reboot your computer, whatever memory is stored in the RAM is gone and the RAM is refreshed. So there shouldn't be an issue there.

Am I right about this? ^^^^^

Lastly, and most importantly: Do I need to use DBAN or can I simply just boot to Windows and delete all of the existing partitions and do a clean install? Is DBAN really necessary? Because I thought if I deleted all of the existing partitions and did a clean install of Windows it would be as if I bought a new hard drive, or at least close to it....

Am I right about this? ^^^^^

Thank you all in advance. :)

 

aford10

Yes, you are correct on the first 2 points.

If you just do a format, the hard drive just turns off the flags on all the sectors of the drive. This is why data is recoverable, even after a standard format, because it's still there. If you use something like DBAN, that zero writes the drive, it will turn all those flags off, and then write back over them, and then turn them off again. I don't think it's necessary, but you sound like you're willing to go the extra mile. It only costs you time.
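
The difference between a format and a zero write described in the answer above can be checked by scanning the drive for sectors that still hold data. The script below is an added example, not something posted in the thread: the function names, the 512-byte sector size and the tiny disk image are assumptions constructed for illustration, and `quick_format` is only a simplified model of a standard format.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size


def nonzero_sectors(path, chunk_sectors=2048, max_report=5):
    """Scan an image or block device; return (sectors, nonzero count, first byte offsets)."""
    total = dirty = 0
    first = []
    with open(path, "rb") as dev:
        while chunk := dev.read(SECTOR * chunk_sectors):
            base, n = total, -(-len(chunk) // SECTOR)
            total += n
            if chunk.count(0) == len(chunk):  # fast path: whole chunk is zero
                continue
            for i in range(n):
                if any(chunk[i * SECTOR:(i + 1) * SECTOR]):
                    dirty += 1
                    if len(first) < max_report:
                        first.append((base + i) * SECTOR)
    return total, dirty, first


def make_used_disk(path, sectors=1024):
    """Constructed sample: a tiny 'disk' with one metadata sector and leftover file data."""
    with open(path, "wb") as f:
        f.write(bytes(SECTOR * sectors))
        f.seek(0)
        f.write(b"OLDFS".ljust(SECTOR, b"\x01"))  # sector 0: filesystem metadata
        f.seek(100 * SECTOR)
        f.write(b"card=constructed-sample ".ljust(4 * SECTOR, b"A"))  # sectors 100-103


def quick_format(path):
    """Simplified model of a standard format: rewrite metadata, leave data sectors alone."""
    with open(path, "r+b") as f:
        f.write(b"NEWFS".ljust(SECTOR, b"\x02"))


def zero_fill(path):
    """Model of a zero-write wipe: overwrite every sector with zeros."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(bytes(size))


if __name__ == "__main__":
    img = os.path.join(tempfile.mkdtemp(), "disk.img")
    make_used_disk(img)
    quick_format(img)
    print("after format:   ", nonzero_sectors(img))  # old data sectors still present
    zero_fill(img)
    print("after zero fill:", nonzero_sectors(img))  # nothing left
```

Pointed at a real block device instead of the sample image, `nonzero_sectors` needs administrator/root read access and should report zero non-empty sectors after a completed zero-write pass.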
 