A friend tells me he clicked on a sketchy pop-up, now he thinks his computer got a "trojan virus" and all his data has been wiped out. None of that makes any sense to me, so I told him I'd take a look at it for him. I haven't done a lot of this sort of forensic cleaning on a machine with which I've had no prior contact, so I'm looking for advice on a starting point. I'd like to avoid doing any additional damage, and certainly don't want to spread whatever might be on it to my local network, so I'm not going to connect it to my LAN. Is there a boot disk/image of some sort that contains malware scanning software that I should try first? I really have no idea what the condition of the machine might be, or if it's even bootable into Windows at the moment. His son told him he "might need to buy a new OS", so I don't know if that means the OS install is corrupted, or if he's just an idiot. lol Any advice appreciated.
- Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Jun 21 '23 at 16:28
- Rule of thumb, after clicking a malicious link: if a user entered credentials, change all passwords. If that did not happen, run a virus scanner and a malware scanner, and also check browser popup notification settings for all websites. When in doubt, reinstall Windows. – LPChip Jun 21 '23 at 16:39
- Assuming it's Windows OS, boot from a USB drive with a different OS and salvage data... if possible. Then format the old drive or even discard it. – DrMoishe Pippik Jun 21 '23 at 16:46
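As an added example that is not part of the thread (and not code from any of the commenters), here is one way to carry out the "boot from a USB drive with a different OS and salvage data" step from a Linux live USB: mount the suspect Windows partition read-only with noexec/nodev/nosuid so nothing on it can execute, copy user documents while skipping executable and script file types, and write a SHA-256 manifest so the copies can be verified and scanned on a clean machine later. The device path `/dev/sdb2`, the mount point `/mnt/suspect` and the destination `/mnt/salvage` are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Salvage user data from a suspect disk
# attached to a clean live system, without running anything stored on it.
# Assumed (hypothetical) layout:
#   suspect Windows partition: /dev/sdb2   -> mounted at /mnt/suspect
#   destination (external drive):          -> /mnt/salvage

# Mount the suspect partition read-only. noexec/nodev/nosuid mean that even an
# accidental double-click on a file from that disk cannot execute it.
mount_suspect() {
  dev="$1"; mnt="$2"
  mkdir -p "$mnt"
  mount -o ro,noexec,nodev,nosuid "$dev" "$mnt"
}

# Portable SHA-256: GNU coreutils has sha256sum, BSD/macOS live media have shasum.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi
}

# Copy document-style files from $src to $dst, skipping the executable and
# script types that a dropper typically leaves behind, and append a
# "hash  relative/path" line for every copied file to $dst/MANIFEST.sha256.
# Prints the number of files copied. (Paths containing newlines are not handled.)
salvage_user_data() {
  src="$1"; dst="$2"; manifest="$dst/MANIFEST.sha256"
  mkdir -p "$dst"
  : > "$manifest"
  find "$src" -type f \
    ! -iname '*.exe' ! -iname '*.dll' ! -iname '*.scr' ! -iname '*.bat' \
    ! -iname '*.cmd' ! -iname '*.ps1' ! -iname '*.vbs' ! -iname '*.js' \
    ! -iname '*.lnk' ! -iname '*.msi' \
    -print | while IFS= read -r f; do
      rel="${f#"$src"/}"                      # path relative to the source root
      mkdir -p "$dst/$(dirname "$rel")"
      cp -p "$f" "$dst/$rel"                  # -p keeps timestamps for later triage
      (cd "$dst" && hash_file "$rel") >> "$manifest"
    done
  wc -l < "$manifest" | tr -d ' '
}

# Re-check the copies against the manifest (run this again on the clean machine
# before opening anything). Returns non-zero if any file changed or is missing.
verify_salvage() {
  dst="$1"
  (cd "$dst" && if command -v sha256sum >/dev/null 2>&1; then
      sha256sum -c --quiet MANIFEST.sha256
    else
      shasum -a 256 -c MANIFEST.sha256 >/dev/null
    fi)
}

# Typical use from the live USB (needs root for the mount step):
#   mount_suspect /dev/sdb2 /mnt/suspect
#   salvage_user_data /mnt/suspect/Users /mnt/salvage
#   verify_salvage /mnt/salvage
#   umount /mnt/suspect
```

Scan the salvaged folder with an up-to-date scanner on a known-clean system before opening anything; the manifest lets you prove the files were not altered between the salvage and the scan. The exclusion list is a starting point, not a guarantee: a macro-enabled Office document is still a document and still needs scanning.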
- "*so I'm looking for advice on a starting point*": the starting point should be clarifying what the heck he is talking about! "*None of that makes any sense to me*": it indeed doesn't make sense, so it's possible that he's simply afraid of a popup notification or what. So the first thing is to gather info from him about what exactly he did and where/how/what he sees that makes him think whatever it is that he claims to be happening. – Yisroel Tech Jun 21 '23 at 16:46
- Thanks to everyone for the comments. Sorry for the delay, I didn't get any notice of your replies, so I had to just remember to come back here to check, which I just did, and found the topic closed. I'm not sure why, since my question is NOT "how do I remove malware?", but anyway... Short version, I was not able to get any more info from the user. He's clueless. I'm recovering what data I can from the drive and wiping it. I may just get a new drive. I was hoping to get info about diagnostic tools that I know exist, but I may have asked in the wrong place, sorry. :) Thanks for the help. – Mike Piantanida Jun 25 '23 at 02:02