Okay, I don’t know all the specifics of what is going on here myself because I wasn’t in the room when this happened and this isn’t my personal laptop. It’s a work one - and not mine - which has information on it worth money going into possibly millions.
Someone who claimed to be from an online tech support Co. (TechiesSquad.com) told the laptop’s owner to download and use LogMeIn Rescue when it became clear she couldn’t log in to FB. After the program was run, which said in its main window that some support tech got full system access, and the last line of the GUI app said “configuring…”, the really freaky stuff started.
A command prompt window opened, at which point Cmd went through a WHOLE $#&#&$[at] BUNCH of tree commands with some files with names that look like a cross between WinSXS backup files and web markup (visible in pic) and the color of the cmd prompt (I first got in front of the computer at this point) changed from white to red. Last line was:
"computer hacked in china… etc"
I deactivated the internet as soon as I saw that, and I’m still here with it offline.
Running Malwarebytes is the only thing I can think of at this point.
Anything else I can do? The user didn’t burn recovery CDs (this is an HP) and I thought Norton Internet Security with firewall was on this. Instead it’s protected by Windows Firewall >.< and TrendMicro (even worse IMHO) Titanium.
Run and RunOnce don’t show anything weird - except for “uninstall SkyDrive” entries, which I thought couldn’t be done without breaking Win 8. Should I delete them?
Please help, I don’t know what’s going on. If worse comes to worst I may be in over my head.
(EDIT: I checked the programs menu and it doesn’t say anything about LogMeIn ever having been installed.)
Also, I’m not sure about GMER. Hopefully someone else can help with this. By the way, is it possible for you to take screenshots of the results and upload those? Those taken by a camera are much more difficult to read.
So far nothing out of the ordinary has shown up post-restore - full CCE scans of the system and USB drives that were attached prior to restore are clean. I have CIS6 on it now and have been up late running still other tests on it.
I’m thinking this might have been a scare designed to get people to pay the company in question money. Scambook has a previous complaint already lodged that runs along these lines.