Is Windows 10 reset sufficient for compromised PC

carmen617

Client is the typical old guy who got a screaming pop up telling him his system was infected, and allowed the scammers onto his computer. He's changed passwords, etc, but I have the system in hand to get back to him clean.

Generally I wouldn't be overly concerned, but this gentleman is rather well off and a retired investment counselor. He has several personal financial accounts and does a lot of trading/checking, etc on his computer, so it's important that the system be free of any lingering malware, keyloggers, whatever.

Question for the audience, do you think a Windows 10 reset is sufficient? Or a Windows 10 refresh, which is a bit deeper? Or should I do a complete nuke and pave? Also, system is backed up with Fabs, is there any risk of anything getting replaced when I do a Fabs restore?
 
If he's willing, get him to pay for a new SSD, fresh install W10 to it, Fabs the data to a back-up drive, erase and re-initialize the patient hard drive then restore the Fabs data after scanning it for malware. I wouldn't feel that a refresh or reset is sufficient. If he loses big money and comes after you, you will have to defend what you have done to make him whole again.
 
^^^ What Larry said. Since you cannot be completely sure there is nothing left lurking behind, a nuke and pave is in order. To be honest the "well off'ness" means nothing to me. Everyone has whatever is important to them on the computer and doing whatever I can do to preserve and protect their privacy matters to me. I'll cover the whole spectrum from FDE to anti-malware and best operating practices (logins, screen lock, password, etc). It's their decision on what they want to implement.

If he does not already have an SSD that is probably the best upgrade that money can buy for a modern computer. He'll notice and remember the difference.
 
He's 86 years old - I love SSD upgrades and so do we all, but I don't think that's necessary in this case. The system is actually pretty up to date and works quite well. I just want to get it back to him as soon as possible (because he misses it) and in the best possible shape. Since a system reset keeps the settings, that doesn't seem the best idea. A system refresh (the one that basically puts a clean copy of Windows on with no OEM bloat and moves his current user profile to "Windows Old") would seem to do enough - I can just move his data back where it belongs and forget about the settings. However, I have no issue doing a full nuke and pave and restoring the Fabs backup - if I can be assured that the settings that Fabs restores aren't compromised as well, in which case what's the difference between that and the system reset/refresh?
 
The only concern I'd have about FABS is browser stuff. Technically it would be possible, though remote, to poison plugins, history and bookmarks.
 