Need to remove remote access program/restore computer/Hacked?

I'm a tech assistant to an elderly gentleman who is not good with computers. He is an extremely nice man who thinks the best of people even in shady circumstances. I received a frantic voicemail from him saying that someone had hacked into his Facebook, followed by another saying that he had called Facebook and resolved the error, but he thought it was overly expensive.

When I called him back he told me that he had shared a friend's post about "Facebook Pirates" and not 15 minutes later posts on his Facebook began to disappear. He googled the number for Facebook technical support and called "the" (a) company. They told him that his Facebook had been hacked and others had set up profiles with his stolen image in a few places. Then they referred him to a service that could recover his Facebook. He talked to an Indian man, to whom he gave remote access to his computer to "restore his Facebook". While accessing my boss's computer, the man told him that he had a bunch of viruses and offered to remove them, and generally clean up his computer, for a price of $200, which my boss didn't have. It was reduced to $100 and my boss gave him the go-ahead.

Now, he had JUST had a virus scan done by me 2 days prior, as well as a basic defrag, disk cleanup, and a registry clean, so I know that his computer was in excellent working order and there were no viruses. In fact, a basic perusal of the desktop would have told this man that my boss already had an anti-virus/spyware/malware program.

When I heard this I immediately looked over his computer. I deleted the anti-virus that the man had installed, ran the antivirus I already had installed, and ran the gauntlet one more time. I used the anti-virus history to find out what the man had put on the computer and found a program called "aamyy" or something like that, which I believe is the remote access program that was used. But I can't delete the file, and it doesn't appear in the Remove Programs window. I also tried searching the registry for it and I can't seem to locate it there either; for all I know they could have named it something different, and I have no other clues as to how to find it. I tried to restore the computer to an earlier date, and for some reason it said the computer couldn't be restored. As a precaution I backed up all files, but I need to eliminate their way of getting back into the computer and I've run out of ideas.

Now the guy has called him back and says there are more viruses on his computer and his Facebook has been hacked again, both of which are not true, as I just did a virus scan yesterday. My boss says that a bunch of stuff "popped up" before the guy called, as if the man was in his computer again.

This is over my head, so any ideas or information you have, feel free to give. I need to remove a program that I can't delete or find in either Remove Programs or the registry, and/or restore the computer to an earlier date. Or any other thing that would work, including helping me find the program in the registry.

OS: Windows XP

Thanks

3 Answers

  • Anonymous
    7 years ago
    Best Answer

    I’m no expert when it comes to hacking, but…

    I run XP on my computer.

    Firstly, on your desktop click Start\Control Panel\System. Now click on the Remote tab.

    Make sure there is no tick in the box labelled "Allow Remote Assistance invitations to be sent from this computer".

    Make sure there is no tick in the box labelled "Allow users to connect remotely to this computer".

    Now click the Apply button, then click the OK button and return to your desktop.

    Also, whenever a web site asks if you wish your password to be remembered, always say no.

    If you run Firefox, click Tools\Options\Security. Under Passwords, make sure there is no tick in the box labelled "Remember passwords for sites". Now click the OK button.

    If you use a different browser, I'm sure there will be similar changes you should make.

    Once that's done...

    Try this:

    Boot your computer to the Safe Mode menu screen. You do this by repeatedly pressing F8 as soon as you boot up. Once there, use the arrow keys to highlight Safe Mode with Networking and continue to boot from there by pressing Enter. You will now see some drivers being loaded. There will be a pause at some point; this usually lasts for no more than 30 seconds.

    Once at your desktop, download this free package.

    When you click on the download button, wait for a few seconds and the download box will appear, without you having to enter your name or email address.

    Save it to your desktop, unzip it, click on start.exe, then click on Emergency Kit Scanner. Wait for it to open (this may take a couple of minutes), then get updates and run a Deep Scan (the scan may take a while):

    http://www.emsisoft.com/en/software/eek/

    Hope this helps.
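The two Remote tab settings in the answer above can also be written directly, and the same command prompt is the quickest way to list the places a self-restarting program on Windows XP usually hides. This is an added example, not part of the original answer: a cmd.exe batch file run from an Administrator account (Start, Run, cmd). The registry values it sets are the ones behind the two checkboxes; the name fragment "amyy" it searches for is taken from the asker's guess at the program name and may need adjusting. It only reports, it does not delete anything.

```batch
@echo off
REM Added example (not the answerer's own steps). Run as Administrator on Windows XP.

REM "Allow users to connect remotely to this computer" unticked = fDenyTSConnections 1
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
REM "Allow Remote Assistance invitations to be sent" unticked = fAllowToGetHelp 0
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp /t REG_DWORD /d 0 /f
REM Read both back to confirm the change took.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance" /v fAllowToGetHelp

REM A third-party remote-control tool uses neither setting; it is an ordinary
REM program that restarts itself from one of the locations below. Collect them
REM into one file on the desktop and read it for anything you did not install.
set OUT=%USERPROFILE%\Desktop\audit.txt
echo === Run keys === > "%OUT%"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" >> "%OUT%"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce" >> "%OUT%"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" >> "%OUT%"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" >> "%OUT%"
echo === Winlogon (should be explorer.exe and userinit.exe only) === >> "%OUT%"
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell >> "%OUT%"
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit >> "%OUT%"
echo === Startup folders === >> "%OUT%"
dir /a "%USERPROFILE%\Start Menu\Programs\Startup" >> "%OUT%"
dir /a "%ALLUSERSPROFILE%\Start Menu\Programs\Startup" >> "%OUT%"
echo === Running services === >> "%OUT%"
sc query type= service state= active >> "%OUT%"
echo === Scheduled tasks === >> "%OUT%"
schtasks /query /fo LIST /v >> "%OUT%"
echo === Processes and their network connections === >> "%OUT%"
REM tasklist.exe ships with XP Professional only; on XP Home use Task Manager.
tasklist /svc >> "%OUT%"
REM The PID column of netstat matches the PID column of tasklist.
netstat -ano >> "%OUT%"

echo === Files matching the name fragment === >> "%OUT%"
dir /s /b "%SystemDrive%\*amyy*" >> "%OUT%"
echo === Registry entries matching the name fragment === >> "%OUT%"
REM XP's reg.exe has no text search, so export the hive and grep the export.
REM The export is UTF-16; piping it through "type" converts it for findstr.
reg export HKLM "%TEMP%\hklm.reg" /y
type "%TEMP%\hklm.reg" | findstr /i "amyy" >> "%OUT%"
reg export HKCU "%TEMP%\hkcu.reg" /y
type "%TEMP%\hkcu.reg" | findstr /i "amyy" >> "%OUT%"
del "%TEMP%\hklm.reg" "%TEMP%\hkcu.reg"

notepad "%OUT%"
REM Once a process, service, task or Run entry is identified, the removal
REM commands are: taskkill /PID <pid> /F, sc stop <service> then sc delete <service>,
REM schtasks /delete /tn <task> /f, and reg delete <key> /v <value> /f.
REM A file that "cannot be deleted" is usually still running; kill it first.
```

Two caveats on using this. The Remote tab only governs Windows' own Remote Desktop and Remote Assistance; a tool the caller installed makes its own outbound connection and is unaffected, so pull the network cable while you work and change the Facebook and e-mail passwords from a different machine. And if the audit turns up nothing you can explain, a reinstall is the only way to be sure the door is closed.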

  • 7 years ago

    First thing I would do is create another admin account that only you have access to (with a password). Change the user account that everyone uses to a standard user and change the password. This will help stop future malware from being installed without admin access. I would install Malwarebytes and run a full system scan. If that doesn't hit on anything, download Adaware and run their full system scan. Adaware is good at detecting invisible programs such as key loggers and remote access trojans. Just don't install Malwarebytes and Adaware without uninstalling the other one, otherwise you will get conflicts. Everyone that uses the computer needs to change all their passwords for email, social networking, online banking etc. Don't allow anyone else on it until it is clean. Worst case scenario, if nothing works, is to fully reformat the hard drive and reinstall XP.
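The account split this answer recommends, typed at an Administrator command prompt on Windows XP. This is an added example, not the answerer's own commands; the account names "techadmin" (the new admin account) and "boss" (the existing everyday account) are placeholders to substitute. Passwords are entered at a prompt (the `*` argument) rather than typed on the command line, so they do not end up in the console history.

```batch
@echo off
REM Added example (not from the original answer). Run as Administrator on Windows XP.
REM "techadmin" and "boss" are placeholder account names.

REM 0. List every local account first; a remote-control session can leave one behind.
net user

REM 1. New administrator account for the technician only; password prompted for.
net user techadmin /add
net user techadmin *
net localgroup Administrators techadmin /add

REM 2. Demote the everyday account to a standard (limited) user and give it a new password.
net localgroup Administrators boss /delete
net localgroup Users boss /add
net user boss *

REM 3. Make sure the built-in Guest account cannot be used as a way back in.
net user Guest /active:no

REM 4. Verify: only techadmin (and the built-in Administrator) should be listed here.
net localgroup Administrators
net user boss
```

Log off and back on as the everyday account before handing the machine back: a limited account cannot install software or change the Remote tab, which is exactly what stops the next "clean-up" call from succeeding without your involvement.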

  • Diane
    Lv 4
    4 years ago

    On another computer, download Malwarebytes Anti-Malware, then put the installer on a flash drive or CD. Then restart the computer with the trojan and boot into Safe Mode with Networking. Install MBAM, update, do a full scan and remove anything it finds.
