- Ultraviewer as service install#
- Ultraviewer as service software#
- Ultraviewer as service password#
- Ultraviewer as service license#
- Ultraviewer as service professional#
Usually they won't provide anything without a warrant or subpoena. If your dad has a basic home router, unless logging is enabled, you are out of luck without sending a request to his ISP to get what they logged in terms of network traffic. This can help one review what may have been done. If your father paid the scammers, please contact your local FBI office.Īs for your questions: You can backup and/or copy log files - especially the Windows event logs. Netflix, et al), and any network equipment.
Ultraviewer as service license#
You need to boot and nuke in situations like this - meaning reinstall Windows.īackup critical data and as others have said take note of license keys.Ĭhange all passwords - especially ones to financial, health, utility, pay for services (e.g.
Ultraviewer as service professional#
Long time security professional here and author of incident handler publications. (SANS is a Cybersecurity training organization). However this is something you likely don't have to worry about given that its likely just a tech support scam. If you google Windows Forensics there may be the topic if memory forensics, that is far gone since the computer has been turned off and the memory cleared. Just because its been changed, doesn't mean its new!
Ultraviewer as service password#
Password re-use (whereby a password gets stolen from one site and used against another from the same email) is of concern as well. Good on you for password resets, however I'd make sure to also say to utilize a password manager to contain long complex passwords for each site. Autoruns and scheduled tasks are going to be mechanisms for persistence (meaning they will rerun even after reboots). That said, each actor is different and they could have taken files or worse dropped files such as malware on the machine. These types of tech support scams are usually financially motivated and intend to sell "ongoing support" for money ranging in the hundreds of dollars. To answer your questions, yes there are ways to find out that information, its called Windows Forensics and can be very technical and thus intimidating, but there are some great resources out there (links at the bottom for a couple resources). Its a good thing and give him props for that. Security isn't always about bashing the user. Because, there will be a next time.įirst off, good on your dad for realizing it and catching on. Then you work on a reaction plan for the next time. Find out how a malicious user was able to social engineer their way into your users PCs and why it took 15mins for them to figure out 'something was wrong'. You have an educational moment with your users here.
Ultraviewer as service install#
Do not trust that the malicious user was unable to install even a root kit at this point.Īfter that, and more, is done.
Ultraviewer as service software#
If the hacked exported a list of saved passwords.all of that is at immediate risk right now.īackup your users important data, take note of any license keys they use and the software library installed. Get those bank passwords, Email passwords, hell even netflix passwords all changed. Reset the router management password, consider factory resetting it in the event port forwarding is enabled. You dont know what the malicious user installed/touched/did and chances are your Dad wont remember enough of the 'process flow' to assist in a proper IR. This is an immediate zero trust situation. But I'm not sure we want to take that chance. I have also read that this is not the biggest deal in the world because these people don't really take anything, so much as they try to convince you you have computer problems and get you to pay a fee to fix them. Anything else we should be concerned about that I'm not thinking of? How can I tell if any programs are sending out information over the internet even after doing all of the above? How do I see if any devices are somehow remotely logging into the network? (is that even a concern at the moment?) Is there a way to somehow go into the computer's recent history and see exactly what was done, what was accessed? For example, is there a way to see whether certain personal files were copied or if any tracking software was installed? I am also having him save his personal files to a hard drive and change some of his major passwords. I have a rudimentary understanding of this stuff so I remotely uninstalled Ultraviewer and ran malwarebytes and ccleaner. However, he can't say for sure that they didn't download anything.
After about 15 minutes he figured something was up, disconnected the call, and turned off his computer. As he describes it, the guy stayed on the phone with him talking about files that had been installed, problems with the network, and so forth. My dad tried to reach customer support for his printer and ended up calling a scam artist who convinced him to install Ultraviewer.