A friend of mine fell for the Microsoft phone phishing scam and I am trying to help clean the computer up. After accepting the offer to allow remote assistance (due to the suggestion that virus' were being sent from my friend's IP address ), the computer was under control of an unknown person for about 5 minutes. Except for finding the methodology for connecting the computer remotely, I am having trouble trying to find anything wrong with the computer.
I strongly suggested a re-install of everything, which does not seem to be an option at this time. I'm aware that settings have probably been changed that leave the computer open and vulnerable.
I did malware, adware, and virus checks - nothing huge on the radar.
I've changed the DNS settings on my friends router to OpenDNS. At least he can monitor traffic from his network to see if anything is not as it should be.
Any other thoughts as to what I should be looking for?
Was anything secure stored on the PC that could facilitate identity theft? All passwords should be reset too. Personally I would reformat and re-install since they could have installed any numbers of monitoring apps or services that a virus scanner would not pick up on.