“Help! I turned on my computer and suddenly it has popups with an 800 number and it’s talking to me and telling me to call someone within 5 minutes or I will be locked out of my computer! What should I do?”
If someone you don’t know (or can’t verify) calls you out of the blue and asks for personal identifying information or your password or your credit card number or your Social Security number… HANG UP!
If you think your computer is infected… TURN IT OFF!
Ok, what next?
Have you done any online banking with your computer? Were you in the middle of a financial deal? Are you using the same or a similar password for most of your online accounts?
If the answer to any of the questions above is “yes”, then the first thing I recommend is to call your bank, tell them you might have been hacked, and have them keep an eye out for suspicious activity. You might also want to consider calling a credit reporting agency to lock your credit for up to 90 days (you can deactivate this lock if you need to complete a credit app). They will automatically contact the other credit agencies.
“Why on Earth should I do all of that?”
Hackers are not infecting your computer and millions of others every day just because they think it’s fun and they are getting a kick out of it. Hacking is a very lucrative business and your money is their only concern. In 2014 it was estimated that hacking cost everyone almost $450 billion. Protect your money!
So the first step is always to hang up or turn off the PC. The second step is damage control (lock down your accounts and credit). All of this needs to be done immediately or as soon as possible.
As for the computer… if you’re infected you should take your computer and your Windows CD/DVD (and your installation key) to someone you trust… but don’t just hand it to them and hope for the best. Ask them to tell you what they are going to do, step by step (even if you don’t understand geek-speak). This is important because the first thing they should say is that they are going to remove your hard drive and make an image of it. If they don’t mention this, or if they say they don’t know how to do this, or if they say “what the hell is that?”, then you should take it to someone who knows how to perform this operation. This is important because if the infection is ransomware, your files might be in the process of being encrypted (locked). If they turn the computer on for long enough, then all of your files will be encrypted and you won’t be able to get ANY of them back until you pay a ransom. Some ransoms aren’t cheap.
If the hard drive is imaged then you can safely copy all of the files that aren’t encrypted to another drive that isn’t infected.
If the infection isn’t that bad, it may be possible to remove it, but consider reinstalling Windows and starting over… your old photos and documents can be safely restored later from the drive image.
Why start over?
I’ve read so many documents from Symantec and McAfee and it seems like most infections have a long technical document on proper removal procedures but at the end of each of these documents the disclaimer is almost always the same: removal might mitigate risks but the infection might start up again and the only way to be certain that your computer is safe is to format the drive and start over.
Q: If I did the repair myself, what tools should I use?
A: I use Acronis True Image Home to image disks. You can mount the disk locally or from an external drive dock/bay. You can boot your computer from a CD and back up the infected disk to a new disk. A different or new disk is required. Once the backup is complete I check the resulting TIB file to make sure all of the documents and photos are there. If the infection is minor you can use Malwarebytes (custom scan including rootkits) and ClamWin to remove the infection. If it’s severe then format your old drive and reinstall Windows… once that’s done install True Image and manually copy the files/photos back to the new drive.
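For the steps above of checking the image and copying back only the files that aren't encrypted, here is an added example (not part of the original post, and not a feature of Acronis, Malwarebytes or ClamWin). It assumes the image is mounted read-only as a folder; the function names `triage` and `copy_intact` are made up for illustration. It checks whether each photo or document still starts with the bytes its file type should start with, which is a quick first pass rather than proof that a file is undamaged.

```python
import shutil
import tempfile
from pathlib import Path

# First bytes of a healthy file, keyed by extension (common photo/document types).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8", ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0",
}

def triage(root):
    """Sort files under root into intact / suspect / unknown by header check."""
    result = {"intact": [], "suspect": [], "unknown": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        magic = MAGIC.get(path.suffix.lower())
        if magic is None:
            # Unrecognised extension (ransomware often adds its own): review by hand.
            result["unknown"].append(path)
            continue
        with open(path, "rb") as fh:
            head = fh.read(len(magic))
        result["intact" if head == magic else "suspect"].append(path)
    return result

def copy_intact(root, dest):
    """Copy only header-verified files to dest, preserving the folder layout."""
    copied = []
    for src in triage(root)["intact"]:
        target = Path(dest) / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        copied.append(target)
    return copied

if __name__ == "__main__":
    # Constructed sample files standing in for a mounted image.
    with tempfile.TemporaryDirectory() as tmp:
        img, out = Path(tmp, "image"), Path(tmp, "clean")
        (img / "Photos").mkdir(parents=True)
        (img / "Photos" / "beach.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 32)
        (img / "Photos" / "party.jpg").write_bytes(b"\x8a\x11\x5c\x90" * 9)  # scrambled
        (img / "taxes.pdf.locked").write_bytes(b"\x13\x37" * 16)
        for label, files in triage(img).items():
            print(label, [str(f.relative_to(img)) for f in files])
        print("copied", [str(f.relative_to(out)) for f in copy_intact(img, out)])
```

Files listed as suspect or unknown stay in the image untouched, so they can still be examined later; scan the copied files with your antivirus tools before opening them.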
Q: Can you do this for me?
A: I might be able to help over the phone or by working on your computer remotely. I’m available by email at email@example.com. I live in the St. Louis area… if you’re local we might be able to work something out.
Be careful out there!