
My father-in-law just had a problem. He clicked on a link in an email (he was using Gmail on version 35.0.1916.114m of Chrome), and suddenly the computer sort of went black, and possibly something downloaded. He says he didn't input his password. Later on, a whole bunch of phishing emails got sent out to his address book.

One of the links was to
http:// 107.183.4.211 /d/?xo=fe&mucoto=Z3VsYWJpc3JhbmlAZ21haWwuY29t &id=c2hyYXlyYWdpQGdtYWlsLmNvbQ== &mesugomabeca=c2hyYXlyYWdp

He figured something was wrong and turned off the computer. When I turned it on, Windows 7 went into Safe Mode. I've since run a full scan using Microsoft Security Essentials - nothing shows up. There's nothing I found looking into Chrome history, or in the downloads folder. We've changed the important passwords and also moved to 2-factor authentication.

Any suggestions on what I should do next?

Thanks, Rahul

Ali Ahmad
Rahul

3 Answers

Nuke It From Orbit - Your computer has been compromised, and even running an anti-virus program will not guarantee a clean computer. One of the first things most pieces of malware will do is install a backdoor into your system to ensure it can get back in once your computer thinks it's clean and re-execute itself.

Installing windows from scratch is the only way to reasonably ensure your computer is no longer infected.

DKNUCKLES

I share a different opinion. Most of the time, the replies I have seen for dealing with malware infections are to nuke it and reinstall. This may sound easy from our perspective, but for average users, reinstalling a computer is a tedious process.

e.g.

  1. Backups: average users do not have the habit of maintaining regular backups of their important files. Reinstalling may not be ideal since they're going to lose them, and they won't know whether these files contain any malware or not.

  2. OS configurations/applications: reinstalling device drivers/programs can be a nightmare.

  3. Preventive measures: nuking it means the users will not learn the proper way to defend against or mitigate such infections in future.

bleepingcomputer.com has very detailed guides on how to handle malware removal. You can either try using their Removal Guides on your own or post a request.

Another good site to visit is http://www.techsupportalert.com; go through lists 4 (malware removal), 6 (firewall), 12 (browser security) & 20 (backup).

hoa
The underlying issue here is a lack of education for end users surrounding proper procedures. Users of computers with important files should be educated on proper backup procedures in the same way drivers are told they need to change the oil on their car every 3 months. Removal of threats is much more involved than it used to be, and when it comes to protecting your data I'd say an ounce of prevention (backups, education on how to spot threats) is worth more than a pound of "cure" (attempting removal through what most end users will find to be complicated processes) – DKNUCKLES Jun 10 '14 at 13:19

I agree with the other answer, starting from scratch is the only fully safe way to fix the problem.

You can, however, also try running other anti-malware tools and anti-rootkit tools to see if there is a problem, but this is not foolproof.

By the way, this is a very common form of malware. We had a similar scare recently at work when it turned out that a user had used their home PC with their work email and fallen foul of similar malware which sent out some phishing emails to a number of people in the address book before the server monitoring software spotted it and suspended the account.

Julian Knight