So Mum got malware in late March, but didn’t recognise it as suspicious until early April. She then told me about it and I had a look at her computer. Here is what I think happened.
She downloaded something from a dodgy website in late March. This installed 3 suspicious looking programs, which are still installed, plus some other things, some of which I have dealt with.
Whatever she downloaded did various things. One of them was changing her homepage on Chrome and adding a Chrome extension. Thankfully I looked through her browsing history between the time the programs were installed and when I looked at it (just under two weeks) and don't think she went on any websites that would be too critical. She only looked at her emails using the Outlook desktop app. She did access onedrive dot live dot com at one point, but we’ve checked her account on another laptop and that email account wasn’t logged in anywhere else, which was a relief.
When I did look at her machine a few weeks ago (early April) I disconnected it from the internet and it's been left with power on/plugged in but no internet since then (I didn't want to turn it off in case there were any startup programs that would kick in on restart).
Running Avast and Windows Defender scans did not detect the items, which was frustrating.
I removed a suspicious Chrome extension that had been installed, which also changed her homepage and new tab page. I’ve changed all that back, though I’m yet to do things like reset all the Chrome settings or reinstall Chrome. There was a folder in User Data/Default/Extensions for the extension, which I deleted.
There were a couple of Task Manager tasks which were running and which were obviously dodgy (same name as the extension/recently installed programs), and I’ve ended those processes. There was a startup app which I’ve disabled too. There was something in the Task Scheduler, some of which I think I’ve got rid of, but other parts of it I might not have. I’m yet to uninstall the malicious programs as I don’t know what the best way to do that is – when I tried to uninstall one of them via Apps > Installed Apps, it brought up a window which was clearly made by the maker of the malicious app, meaning ‘uninstalling’ it via this would be running *their* uninstaller. So I didn’t want to do that in case there are better ways.
I haven't run Malwarebytes yet as the computer has been disconnected from the internet and so I haven't wanted to download the program. But it did occur to me to just download it onto a USB stick via another laptop and copy it over.
In terms of handing it to a local technical support company, I would like to do that, but I'm honestly a bit concerned about them snooping around the laptop. It’s very hard to know if there is any personal info on there because she’s not particularly organised and I don’t have time to go through all her stuff. One thing is that she is logged into her emails on the laptop in the Outlook desktop app. I’ve tried to log out of the app but I can’t seem to do it, because you apparently need to be connected to the internet to log out of it.
My thought is just to ask around friends to see if any of them have any recommendations for tech support people or even better any specific people they know who work in tech support places who would be able to help.
Are there any other precautions worth taking?
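The post lists the places the leftovers were found by hand: Task Manager processes, a startup app, Task Scheduler entries, the Installed Apps list and the Chrome Extensions folder. The script below is an added example, not the poster's own work, that enumerates exactly those locations read-only so the full picture is on one page before anything is uninstalled, and so the list can be handed to whoever does the cleanup. It assumes PowerShell 5.1 or later run from the affected user's account while the machine stays offline, that Chrome uses its default profile folder, and that the two `$SuspectNames` entries are placeholders to be replaced with the names actually seen in Task Manager and Installed Apps; the 60-day window is also an assumption that matches a late-March infection.

```powershell
# Added triage script (not the original poster's). Read-only: it lists the
# persistence locations named in the post and changes nothing.
# Assumptions: PowerShell 5.1+, run as the affected user, Chrome default
# profile; $SuspectNames holds placeholders to be replaced by the names seen
# in Task Manager / Installed Apps; $Since is a constructed look-back window.

$SuspectNames = @('PLACEHOLDER-PROGRAM-NAME', 'PLACEHOLDER-EXTENSION-NAME')
$Since        = (Get-Date).AddDays(-60)

function Test-Suspect([string]$Text) {
    foreach ($n in $SuspectNames) { if ($Text -and $Text -like "*$n*") { return $true } }
    return $false
}

# 1. Installed programs: "Installed Apps" is built from these Uninstall keys,
#    so UninstallString shows which uninstaller the GUI would actually run.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, InstallDate, Publisher, UninstallString,
        @{ n = 'Suspect'; e = { Test-Suspect ($_.DisplayName + ' ' + $_.UninstallString) } } |
    Sort-Object InstallDate -Descending

# 2. Run / RunOnce values: the classic "startup app" persistence.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$runEntries = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $p = Get-ItemProperty -Path $k
        foreach ($v in ($p.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            [pscustomobject]@{ Key = $k; Name = $v.Name; Command = $v.Value; Suspect = (Test-Suspect $v.Value) }
        }
    }
}

# 3. Per-user Startup folder.
$startupDir   = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$startupItems = Get-ChildItem -Path $startupDir -File -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime, @{ n = 'Suspect'; e = { Test-Suspect $_.Name } }

# 4. Scheduled tasks, one row per action so the executable and arguments are visible.
$tasks = Get-ScheduledTask | ForEach-Object {
    $t = $_
    foreach ($a in $t.Actions) {
        [pscustomobject]@{
            Path    = $t.TaskPath + $t.TaskName
            State   = $t.State
            Execute = $a.Execute
            Args    = $a.Arguments
            Suspect = Test-Suspect ("$($a.Execute) $($a.Arguments) $($t.TaskName)")
        }
    }
}

# 5. Chrome extensions on disk: <id>\<version>\manifest.json carries the name.
#    Names beginning "__MSG_" are localised and resolve via the _locales folder.
$extRoot    = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
$extensions = Get-ChildItem -Path $extRoot -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $id = $_.Name
    Get-ChildItem -Path $_.FullName -Filter manifest.json -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $m = Get-Content -Path $_.FullName -Raw | ConvertFrom-Json
        [pscustomobject]@{
            Id        = $id
            Name      = $m.name
            Version   = $m.version
            Installed = $_.LastWriteTime
            Suspect   = ($_.LastWriteTime -gt $Since) -or (Test-Suspect $m.name)
        }
    }
}

# 6. Running processes with their image path (path is blank where not readable).
$procs = Get-Process -ErrorAction SilentlyContinue |
    Select-Object Name, Id, Path, @{ n = 'Suspect'; e = { Test-Suspect ("$($_.Name) $($_.Path)") } }

# Report: flagged items first, then the complete lists for the person doing the cleanup.
'== Flagged items =='
@($programs; $runEntries; $startupItems; $tasks; $extensions; $procs) | Where-Object Suspect | Format-List
'== Programs installed inside the look-back window (InstallDate is yyyyMMdd) =='
$programs | Where-Object { $_.InstallDate -and $_.InstallDate -ge $Since.ToString('yyyyMMdd') } | Format-Table -AutoSize
'== Scheduled task actions =='; $tasks | Format-Table -AutoSize
'== Chrome extensions on disk =='; $extensions | Format-Table -AutoSize
```

Run it from an elevated PowerShell window to see HKLM entries and the image paths of system processes; run it again after each removal step so the before and after lists can be compared. The `Installed` column for extensions and the `InstallDate` column for programs are the quickest way to line items up against the late-March date, and the `UninstallString` column shows in advance whether Installed Apps would hand control to a third-party uninstaller, which is the concern raised in the post.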