Hi all,

It's been about 10 years since I have used MS Windows and your advice would be welcome.

On Thursday morning a relative reached out to me.   They had been contacted by Spark to say that there computer was compromised and "Spark" wanted to do an online session to protect their computer.   I made my relative absolutely aware that this was a scam, ignore them completely, and never trust anyone that reaches out to you.  

Later that evening may relative was contacted again by "Spark" and which stage why relative told them that this was a scam and not to call again.  "Spark" then indicated that they would disable the internet for them, so my relative panicked and accepted the Zohodesk session.   During this session the "Spark" person asked my relative to log in to Westpac, TradeMe and a number of other sites, so that they could assess if they were secure.

After 3 hours on the phone and once the session finished, my relative gave me a call and asked if they needed to run a virus check.   My advice was, get off the phone, call the bank, stop all credit cards and in progress transactions, power off the computer and courier to me.   Unfortunately in this short time my relative had many thousands of dollars transferred out of their bank account.   We will pursue that with the bank.

After hearing the description of what happened, I have assumed that a key logger was installed (how else would they see the passwords), risk of a crypt locker installed, and probably harvesting of email accounts.

I have now received the computer and working out what the best plan of attack is.   It is off network.   There is data I would like to recover from it, and the data is pretty simple so should be unlikely to have any unwanted payloads in it.  However, I am also wondering at how effective Windows Defender is?   I initiated a scan and found TrojanDownloader.Win32/Dalesic.C on it which I have removed and the Zohodesh app that I have removed.  Nothing else is highlighted by Defender.

Would Defender have found any key loggers or cryptolockers?   

Do I need to use a different tool for neutralising threats?

Back in the old days I would have reformatted the HD and reinstalled the OS.   Is this still the best way?  (I am not even sure how to do this with Win10 these days!)