McAfee "Lifesave" failed to save my computer!

[Steven P. Administrators]

7 hours ago, Howard Davis said:

What is the "Dell asset tag", and how do I find it?

 

I have Acronis True Image with the data stored on an external HD, but it probably contains the malware along with everything else. I've never used it to restore a HD, and lacking experience I am reluctant to try, especially given that it may also be corrupted.

 

Please do not post any personal identifiable info here, since the whole world can view this topic I removed your email address from that post just now.

[Mando]

2 minutes ago, Steven P. said:

Please do not post any personal identifiable info here, since the whole world can view this topic I removed your email address from that post just now.

good call Ste, ive got the addy already, was going to ask for it to be edited out of the post.

 

Howard, either email me the tag by replying to the email i sent this morning. thats ofc if the PC is infact a Dell, i may have picked that up wrong.

[Howard Davis]

9 hours ago, Mando said:

good call Ste, ive got the addy already, was going to ask for it to be edited out of the post.

 

Howard, either email me the tag by replying to the email i sent this morning. thats ofc if the PC is infact a Dell, i may have picked that up wrong.

Received and replied to your email, Mando - thank you. 

 

For others here, here is some relevant information: 

 

This malicious scammer-hacker has been seizing control of my computer using the program Splashtop Streamer. When this comes on (black screen, sometimes with the Splashtop icon) I simply kill the power to the computer so it cannot proceed. I searched for Splashtop, found and deleted it, and emptied the recycle bin. Now, though it doesn't show in a search, it is STILL in the computer - as shown when running Boost. Other than this, the computer looks clean - both a McAfee LifeSave full scan and a Malwarebytes scan now show no threats found. Of course they do not recognize Splashtop as a threat, though it is. 

 

If Splashtop could be removed, all would probably be safe. The problem is HOW.
Am I correct?
How?

[DrunknMunky Veteran]

14 minutes ago, Howard Davis said:

Received and replied to your email, Mando - thank you. 

 

For others here, here is some relevant information: 

 

This malicious scammer-hacker has been seizing control of my computer using the program Splashtop Streamer. When this comes on (black screen, sometimes with the Splashtop icon) I simply kill the power to the computer so it cannot proceed. I searched for Splashtop, found and deleted it, and emptied the recycle bin. Now, though it doesn't show in a search, it is STILL in the computer - as shown when running Boost. Other than this, the computer looks clean - both a McAfee LifeSave full scan and a Malwarebytes scan now show no threats found. Of course they do not recognize Splashtop as a threat, though it is. 

 

If Splashtop could be removed, all would probably be safe. The problem is HOW.
Am I correct?
How?

You need to uninstall it, not delete it. Deleting the icon only removes the shortcut to the install location.

 

https://support.microsoft.com/en-gb/help/2601726

[goretsky Supervisor]

Hello,

Small suggestion:  If in the US, use https://www.microsoft.com/en-us/software-download/windows10 for a faster download of Windows 10 (and one which defaults to US English settings).

 

Regards,

 

Aryeh Goretsky

 

On 3/9/2018 at 2:10 PM, Mando said:

@Howard Davis

 

Its a work in progress until I get your dell asset tag mate.

 

https://docs.google.com/document/d/1cpCmiU35h-XE4614O1CIEZPZyXUmguEa7FCnHvKwXrU/edit?usp=sharing

 

 

 

[Howard Davis]

I have uninstalled Splashtop and am now most likely safe - without taking more drastic actions that could cause the loss of presently installed programs or files. 

 

Would upgrading to Win 10 be beneficial? I am of the school "If it ain't broken, don't fix it."

 

I want to thank you all here on NEOWIN for your expert advice and support. Though not having the computer expertise that many here do, I am an analog circuit designer specializing in audio and guitar effects device design. If I can be of any help to anyone here, feel free to contact me and I'll return the favor. 

[+BudMan MVC]

After such scenario - I would nuke that machine from orbit.. It really is the only way to be sure!!

[DrunknMunky Veteran]

3 hours ago, Howard Davis said:

I have uninstalled Splashtop and am now most likely safe - without taking more drastic actions that could cause the loss of presently installed programs or files. 

 

Would upgrading to Win 10 be beneficial? I am of the school "If it ain't broken, don't fix it."

 

I want to thank you all here on NEOWIN for your expert advice and support. Though not having the computer expertise that many here do, I am an analog circuit designer specializing in audio and guitar effects device design. If I can be of any help to anyone here, feel free to contact me and I'll return the favor. 

The problem is we don't know what the scammer has done to the PC while he has had access. It is still possible he has access via other means. Has Mando been able to remote with you to check it out? Is formatting the PC out of the question?

[Mando]

18 hours ago, Howard Davis said:

I have uninstalled Splashtop and am now most likely safe - without taking more drastic actions that could cause the loss of presently installed programs or files. 

 

Would upgrading to Win 10 be beneficial? I am of the school "If it ain't broken, don't fix it."

 

I want to thank you all here on NEOWIN for your expert advice and support. Though not having the computer expertise that many here do, I am an analog circuit designer specializing in audio and guitar effects device design. If I can be of any help to anyone here, feel free to contact me and I'll return the favor. 

hey up mate.

 

Sorry ive been slow to respond, got a call late on Friday night to assist with a malware outbreak on our Asia-Pac estate. Those dam asians and their keygens.....I swear to god its like back in the 90s! 90% of my workload comes from that sector.

 

re: PC

I still think it would be beneficial to review some things, if your really against reformatting (its the only sure way to know 100% its clean), at least install reputable protection, I believe Gorestsky was kind enough to supply you with a free licence to E-set, I would highly recommend you take him up on the kind offer and install this.

 

this coupled with a general  review of your system remotely would still be of value.

 

 

 

[GTR707]

On 3/9/2018 at 10:32 PM, Howard Davis said:

I DO have Acronis True Image and an external HD for the data. The problem is that the malware is probably now in those backups going back for over a month! 

Before performing a backup of your system you should run a scan and know your system is clean. 

[Howard Davis]

9 hours ago, Mando said:

hey up mate.

 

Sorry ive been slow to respond, got a call late on Friday night to assist with a malware outbreak on our Asia-Pac estate. Those dam asians and their keygens.....I swear to god its like back in the 90s! 90% of my workload comes from that sector.

 

re: PC

I still think it would be beneficial to review some things, if your really against reformatting (its the only sure way to know 100% its clean), at least install reputable protection, I believe Gorestsky was kind enough to supply you with a free licence to E-set, I would highly recommend you take him up on the kind offer and install this.

 

this coupled with a general  review of your system remotely would still be of value.

 

 

 

Thank you, Mando. No problem with the delayed response - I'm grateful for your advice. People like you restore my faith in human nature. 

 

I can install the E-set protection Gorestsky was kind enough to send me, but I'd like to be sure first it would not conflict with McAfee or Malwarebytes and is clearly superior to these.  What do you think? If I can have superior antivirus and anti-malware protection from just one application, that would be great! 

 

Splashtop has been uninstalled and scans all come up clean. There is one problem though:

Yesterday I found that the external hard drive ("E") and USB port ("F") have been reversed, E is now F and vice versa. Today I went to access E, and found it has become "L." Something is unstable here, but I do not think it is anything being done presently from outside. 

 

 

 

[Ve7878]

I can install the E-set protection Gorestsky was kind enough to send me, but I'd like to be sure first it would not conflict with McAfee or Malwarebytes and is clearly superior to these.  What do you think? If I can have superior antivirus and anti-malware protection from just one application, that would be great!

 

It would be best to remove the other anti malware software first. 

[+Warwagon MVC]

9 hours ago, GTR707 said:

Before performing a backup of your system you should run a scan and know your system is clean. 

Well seeing how every AV doesn't catch 100% of everything, running a scan you wouldn't "Know" your system is clean but it would "appear clean to be clean"

[+Warwagon MVC]

1 hour ago, Howard Davis said:

Splashtop has been uninstalled and scans all come up clean. There is one problem though:

Yesterday I found that the external hard drive ("E") and USB port ("F") have been reversed, E is now F and vice versa. Today I went to access E, and found it has become "L." Something is unstable here, but I do not think it is anything being done presently from outside. 

 

 

I've always never found drive letters of USB external hard drives that reliable which is why I backup to drive Labels instead of letters. Easy problem to correct though. Just right click on the start button and select "Disk Management", then change the drive letters of the drive. For a moment you may have to change the drive letter to something other than what you want, just so you can set the other drive to it's letter, then set the other drive back to what you want with the now available letter.

 

Hell, Windows 10 is so stupid that it will give an external hard drive the same letter as a mapped network drive.

[GTR707]

23 minutes ago, warwagon said:

Well seeing how every AV doesn't catch 100% of everything, running a scan you wouldn't "Know" your system is clean but it would "appear clean to be clean"

Anyone who's anyone knows this. You run a scan with your resident antivirus. You also follow up with second opinion on demand scanners such as EEK, HMP, Zemana, KVRT. Also every PC owner should be aware of what is installed on their pc's and what is running in task manager. Again been surfing the net for over 19 years. Never once been infected. 

[bikeman25]

Even Myself have learned more than i used to know on scams, PC infections,  back when i wasn't so smart i somehow got ahold of boot sector virus when i was testing at the time Windows Live One Care, think was my own fault though for getting severely infected then,   After that switched to Avast Free, and been infection free since, plus use Malwarebytes free for second opinion and sometimes online scan with Eset online virus scanner.  

 

Key lessons i have learned over the years

1. Pick 1 resident antivirus program and stick with it,  no switching to different programs weekly like i used to

2. Make sure system image done with Macrium Reflect Free every 2 weeks or before major update

3. Download/install less

4. Buy movies, tv shows and songs legally

5. run second opinion scanner before backup, and resident av as well, and perhaps online scan to

6. Keep backup offsite as well either with cloud storage or physical drive stored at relative or friends place, and switch it out every 3-4 weeks what i try to stick to

 

Thinking all my stuff is safe these days,  hope the original poster gets issue fully solved, and learned from this thread very well.   

 

 

[DrunknMunky Veteran]

16 hours ago, Howard Davis said:

Thank you, Mando. No problem with the delayed response - I'm grateful for your advice. People like you restore my faith in human nature. 

 

I can install the E-set protection Gorestsky was kind enough to send me, but I'd like to be sure first it would not conflict with McAfee or Malwarebytes and is clearly superior to these.  What do you think? If I can have superior antivirus and anti-malware protection from just one application, that would be great! 

 

Splashtop has been uninstalled and scans all come up clean. There is one problem though:

Yesterday I found that the external hard drive ("E") and USB port ("F") have been reversed, E is now F and vice versa. Today I went to access E, and found it has become "L." Something is unstable here, but I do not think it is anything being done presently from outside.

ESET is one of the best AV and security software suites you can buy, so uninstall McAfee and install ESET provided by Gorestsky.

 

You can keep ESET and Malwarebytes on your PC without causing conflict.

 

Just to reiterate this, the scammer did not install a malicious application to gain access to your PC. I suspect all he did was walk you through the installation of a remote access application (Splashtop). This application has perfectly legit uses for computers and would never be identified by anti-virus products as a threat. He could have done the same with any number of remote access applications such as TeamViewer, LogMeIn and others. If he did, again, they will not appear as malicious software when you scan for threats using McAfee or Malwarebytes. That is why we are stressing that your PC may still be accessible by the scammer. Have you noticed any more odd behaviour like the screen flashing black or the mouse moving on its own since you uninstalled Splashtop?

 

If he was more professional in his methods once he took control of your PC, he could have done any number of more malicious activities, but that doesn't appear to be the case. We can't be 100% sure though. This is why it is a really good idea to backup your important data to an external device and format this PC for a clean break.

[GTR707]

3 hours ago, Andrew said:

ESET is one of the best AV and security software suites you can buy, so uninstall McAfee and install ESET provided by Gorestsky.

 

You can keep ESET and Malwarebytes on your PC without causing conflict.

 

Just to reiterate this, the scammer did not install a malicious application to gain access to your PC. I suspect all he did was walk you through the installation of a remote access application (Splashtop). This application has perfectly legit uses for computers and would never be identified by anti-virus products as a threat. He could have done the same with any number of remote access applications such as TeamViewer, LogMeIn and others. If he did, again, they will not appear as malicious software when you scan for threats using McAfee or Malwarebytes. That is why we are stressing that your PC may still be accessible by the scammer. Have you noticed any more odd behaviour like the screen flashing black or the mouse moving on its own since you uninstalled Splashtop?

 

If he was more professional in his methods once he took control of your PC, he could have done any number of more malicious activities, but that doesn't appear to be the case. We can't be 100% sure though. This is why it is a really good idea to backup your important data to an external device and format this PC for a clean break.

ESET is a joke and there detection rate is nothing when compared to others in all the latest testing. No reason to spend any sort of money on any antivirus. Avast Free, AVG Free, Kaspersky Free, Panda Free, Avira Free and Bitdefender Free all have superior detection rates in comparison to ESET. And they are all FREE!

[DrunknMunky Veteran]

1 minute ago, GTR707 said:

ESET is a joke and there detection rate is nothing when compared to others in all the latest testing. No reason to spend any sort of money on any antivirus. Avast Free, AVG Free, Kaspersky Free, Panda Free, Avira Free and Bitdefender Free all have superior detection rates in comparison to ESET. And they are all FREE!

He got a free copy of ESET from one of our MVCs.

[GTR707]

31 minutes ago, Andrew said:

He got a free copy of ESET from one of our MVCs.

Free subscription or not it does not change the fact that ESET doesn't even come in the top 10 in AV Comparatives or AVTest.org. 

[Steven P. Administrators]

23 minutes ago, GTR707 said:

Free subscription or not it does not change the fact that ESET doesn't even come in the top 10 in AV Comparatives or AVTest.org. 

ORLY?

 

https://antivirusprotection.reviews/best-antivirus/ (in the list)

https://www.pcmag.com/article2/0,2817,2372364,00.asp (in the list)

https://www.av-test.org/en/antivirus/home-windows/ (in the list at #8 for Dec 2017) <-- your own example!

 

Stop spreading FUD!

[GTR707]

11 minutes ago, Steven P. said:

ORLY?

 

https://antivirusprotection.reviews/best-antivirus/ (in the list)

https://www.pcmag.com/article2/0,2817,2372364,00.asp (in the list)

https://antivirus.comodo.com/blog/computer-safety/best-free-antivirus-software-of-2018/ (in the list)

https://www.av-test.org/en/antivirus/home-windows/ (in the list at #8 for Dec 2017) <-- your own example!

 

Stop spreading FUD!

Where the heck do you get your data from. I did not say a review. I said actual testing. Do you even have a clue? You don't know how to even sort by protection in AVTest.org. If you did then you would see that Eset is #16 out of 20. And it is #14 out of 21 on AV Comparatives. Come back when you have a clue. Heck Windows Defender scores higher then Eset. 

[Steven P. Administrators]

39 minutes ago, GTR707 said:

Where the heck do you get your data from. I did not say a review. I said actual testing. Do you even have a clue? You don't know how to even sort by protection in AVTest.org. If you did then you would see that Eset is #16 out of 20. And it is #14 out of 21 on AV Comparatives. Come back when you have a clue. Heck Windows Defender scores higher then Eset. 

 

 

That site is clearly being paid by Panda AV.

[GTR707]

2 minutes ago, Steven P. said:

That site is clearly being paid by Panda AV.

Clearly once again your are clueless. 

[Steven P. Administrators]

Just now, GTR707 said:

Clearly once again your are clueless. 

 

Clearly Bullguard are paying for these results.