Fake BSOD scammer cleanup...

[Markverhyden]

I was thinking for the cases where nothing overtly seems amiss. Some of them just display a parade of fake code and leave but I want to make sure there's no hidden backdoors, etc.

If no remote connection was made then resetting the browser, along with a "just in case" anti-malware scan, should be fine.

 

[JoeTech]

I do the usual clean up routine with anti-malware apps and virus scans. I also make sure to remove any team-viewer or other remote support apps as well in case they secretly set up unattended access options to get back into the pc through the support apps. In all the hundreds of cleanups I have done after the remote scams, I don't think I have found a virus they put on the pc. Most of it usually is adware that was already on there before they got scammed.

 

[jzukerman]

One tip I remember hearing about years ago at a IT seminar hosted by a Microsoft employee was to make a quick script using pskill.exe to end all running web browser processes. Then drop a shortcut on the desktop or taskbar. Then instruct the customer if they ever see those scammy error messages and cannot close the browser the normal way, to run the pskill script.