Windows 10: Professional cleaning: what's involved?

Several weeks back, my brother, who is astonishingly naive about computers, got taken in by some malware on his computer. A screen came up which told him his computer had been compromised and advised him to call a specific number for help. *He actually called the number*. He fell hook, line and and sinker for the entire scam, which involved him paying $350 for a five year security maintenance package. A few weeks later, they called him and said his computer was infected again and it was their fault and they were going to refund his money; they claimed to have refunded 10 times the amount they owed him and wanted him to pay back the surplus, which he proceeded to do, via iTunes gift cards. I could hear his phone conversations with the scammers and knew something was up but he was sure that everything was fine; he even believed that he was going to get several hundreds dollars bonus for all his time and trouble in helping them rectify "their mistake". (I told you he was naive.) Anyway, long story short, I finally persuaded him he was being swindled and got him to stop giving them gift cards; he ended up losing a good bit of money. We reported the incident to the police but were advised it was unlikely they would be able to do anything; they haven't called back since the officer was here to take the report.

We spoke to the bank and got his password changed for his online banking - I think they had installed a keylogger on his computer and obtained his password and messed around with his bank accounts to some extent - and were advised to get a professional cleaning done on the computer before using it again; it has been offline ever since. He's strapped for money right now but would like to use the computer again.

I'm willing to help him clean the computer - I'm reasonably proficient with computers - but before I tackle this, I'd like to know what exactly the bank was implying by a "professional" cleaning. In other words, what would a good computer store do if they had to clean up a computer that had been compromised in this way?

:)

 

Microsoft Windows 10 and performing a clean install vs. an upgrade, in response to their DVD player installation.

I had Windows 7 Professional, did a clean install and lost my DVD player. Microsoft should know what version you have and automatically provide the apps they said they would, whether you did a clean install or not.

 

Can I upgrade my Windows 10 Home 64 bit to Windows 10 Pro 64 bit using the free ISO file that got from Microsoft?

You can not upgrade from Home to Professional using *anything*. Such an upgrade is not possible. The only way to get to Professional is by doing a clean installation.

 

You should report this to the FBI not regular police.

Anything important on the drive? Boot off a linux live CD, plug in an external drive and start backing up files.

Main Page - Linux Mint

As for your current installation, I’d probably just reformat the drive and reinstall. If you’re paranoid, you could zero the drive with DBAN or another offline destructive data erasure program and then format/install.

DBAN will not work on SSDs.

Darik’s Boot and Nuke – DBAN

Alternatively, you could boot off Windows installation media and use diskpart to wipe the drive:

diskpart – Guide for Windows XP, Vista, 7, 8, 10

If you’re super paranoid, buy/install a new Hard drive and then reinstall Windows on that.

 

I would be quite surprised if he had any data that needed saving, given that he pretty much just uses it to play games, watch YouTube videos, and keep up with the news.

The computer came with Windows 10 pre-installed and no disk. How could he reinstall the operating system without having any disks? (I strongly suspect he didn't make a backup of Windows before at any point after he got the computer.) I assume there is some way to reinstall from the web but I don't know how we'd acquire the key unless he has some paperwork with the key on it from the place he bought the computer.

 

It's called a Reset, Windows 10 can do a clean install using the existing system files as the source. If this is an OEM installed Windows 10, this will perform a 'factory reset', including any OEM customizations. There's a tutorial...

*Arrow Reset Windows 10

 

Don’t worry about the key. It’s usualky embedded in the BIOS and will be auto-detected. If you’re prompted to enter a key, select “don’t have it” and move on. It’ll activate when it hits the desktop and has a internet connection.

You can download/create Windows installation media using the media creation tool from MS:

Create Bootable USB Flash Drive to Install Windows 10

Windows 10 is usually very good at detecting/installing the required hardware drivers. Any blanks can be filled in by downloading drivers from manufacturers website.

 

The HDD is potentially compromised, so the built-in restore functions can’t be trusted.

 

The Reset should check the integrity of the source files it's using.

 

Nothing is 100% when dealing with malware. Unless I was an OS/security engineer, which I’m not, there’s no way I’d sign off on the drive as clean using the recovery functions of a compromised installation.

 

Are you proposing doing this step before or after running DBAN? It makes sense to me to run DBAN to clean up any lingering traces of whatever crap they put on his computer but would running DBAN destroy the possibility of using the media creation tool? And if I created the media *before* scrubbing the hard drive, could I count on getting a clean copy of the OS from the media creation tool?

By the way, I just spoke to him and he *may* have a license key but he isn't sure and is in the middle of something so won't look for it right now. Therefore, I want to understand what I should do for both cases. You've told me what to do if he doesn't have a key - although you're still helping me with some followup question - but I'm not sure what to do if he *does* have a key.

 

Did the PC come with Windows 10 or was it an upgrade? Are you positive this PC has a traditional spinning hard drive and not an SSD? If SSD, DBAN useless and will have to use another tool for the job.

Me personally, I’d be satisfied with deleting the partitions during the Windows installation process and let the installer format/install Windows. As mentioned, it’s about how paranoid you are with it.

Assuming he has
Nothing to backup....

1.Run DBAN

2. Create install media using a clean PC. Do not use infected PC to create the media.

3. Proceed to install Windows.

If he happens to have the key, you can put it in during the install or after you get to the desktop. Chances are, it’ll activate on its own, no key input required. The license is tied to a hardware signature on MS servers as I’m told.

 

I would do as @vram has suggested. You have nothing to lose. These people will not stop they have just about everything that was on the PC by now.

 

I asked him if he had any files he wanted to save and he assured me there was nothing important. I hadn't thought of creating the install media from a different PC; I assumed that wouldn't help because it would then expect *my* key and wouldn't run on his computer and mine at the same time. If it activates itself on a different computer without difficulty, I could use my laptop, which also runs Windows 10 to make the install media.

That's very convenient - if it works as you describe! - and would save him having to find his current key, which is a dubious proposition given the way he files papers.

 

The purpose of the media creation tool is simply to create a Windows installation disc or a flash drive to reinstall the OS. You will not be prompted for a key to create the media. Just pick 64-bit Windows 10 *Smile

Skip entering the key during the actual install.

What make/model of PC is this? If it’s got UEFI BIOS, someone that’s better able to explain how to boot from external media may need assist in helping you boot from it. You may need to enter UEFI and disable secure boot and enable/disable an option here and there.