Two days ago, my wife, not being technically skeptical enough, allowed our computer to be remotely taken over by one of those phone phishing scams. While this is a common and well-documented scam, it is our first experience with it. They use legit remote access software from Ammyy to offer (and in our case, access) to work on your computer remotely. But Ammyy isn't any part of the scam.
I have read a number of the posts here about this scam, but haven't found one with my issue, which is I now can't get into my computer.
Will make a long story short - some guy cold-called our house, asked my wife if we have been having computer problems and have an older machine, both of which are accurate in our case. After pointing out all the "problems" as recorded in the Event Viewer, my wife allowed him to take remote control of our computer. Once he did the "free scan" and removed some initial "problems", he offered to make us a 'premium customer' for $80. At that point, she ended the call. But not before, of course, some damage had been done. Clearly thru the remote access he planted some malware that I can't get by, and I'm wondering/hoping the damage may have ended there.
1. When I start the computer, it won't let me in without a special admin password. (the Dell logo shows, followed by the XP logo, then the bogus login window). This is something they planted and we don't have a 'password' for. I have tried starting in Safe Mode and Last Known Good Config, neither of which work -- I still get the log in screen. Any ideas on how I can get past this? If I boot from the OS disk that Dell sent with the computer, will that work? Haven't done this before -- anything special to know?
2. Can other computers that access our wifi be impacted? We haven't seen evidence of this yet.
3. My wife didn't provide any credit card info, so am wondering just how much they can get. No online banking is done thru this machine, tho my wife receives email from her mom's bank, as we handle some of her basic financial dealings. As I type, they are both at Wells Fargo now changing accounts. However, I haven't taken any action yet thru our bank. Haven't seen any issues yet and been watching closely. So am wondering just what can be done by these bad guys. My wife does some Amazon online purchasing, but again, acct numbers and such are usually "x'd" out except for last few numbers, and that is always on the Amazon (or other merchant) side. Am wondering if all they were looking for was to try and get credit card info for use.
4. The malware they planted could be a botnet and they are using it to plant similar bad stuff on computers thru an email contact list. Any way of knowing?
5. Once I get in, I am going to scan with MalwareBytes and Microsoft Security Essentials. Any other suggestions?