Is changing my password enough?

Changing your password is a common response to account hacks. Unfortunately, it isn't enough.

I regularly hear from people who’ve had their email or other online account compromised, are able to recover access to it, and change their password, only to have the account stolen again almost immediately.

The problem is actually quite simple, but the solution is a bit of work.

First, you have to realize that while someone else has access to your account, they have access to everything related to that account.

As a result, changing your password just isn’t enough. You need to do more.

Recovery information

You authenticate with most online systems by providing a user name and a password. Your user name might well be publicly visible, but your password should be known only to you.

Most systems also provide a mechanism whereby you can recover or reset your password should you forget it. They use a variety of means, but they all boil down to the same thing: they use one or more additional pieces of information – often referred to as recovery information – to validate that you are who you say you are, and thus entitled to regain access to the account.

It’s that recovery information that presents the greatest risk once your account has been compromised.

Let’s look at some examples of what I mean, why it’s a risk, and what you should do about each, in addition to changing your password.

Email addresses

Many, if not most, online accounts require your email address. In the case of an email account (like Outlook.com, Gmail, or the like), there’s also often an “alternate” email address.

Systems often provide the ability to send a password reset message to the email address of record, or the alternate email address, should you lose your password. Since only you could have set it up, by definition, that email address should be yours. Your ability to receive a message at that address confirms you are the rightful account holder.

Once your account has been compromised, a smart hacker will immediately change the email address or alternate email address to one he or she has access to. That way, if you request a password reset, they’ll get it, not you. Similarly, if you change the password, all the hacker has to do is request a password reset, and she’ll regain access to the account.

What you should do: once you’ve regained access to your account, immediately verify that all email addresses associated with that account are yours. If they aren’t, change them right away.

Secret questions

It’s falling out of favor these days, but as a second layer of security, many systems have you set up answers to questions. The answers you choose verify your identity should you lose your password, so the questions are ones whose answers only you should know, such as your mother’s maiden name, the name of your first pet, or your favorite teacher. If you forget your password, the system asks you one or more of these questions. If your answer matches what you set up originally, then you must be who you say you are, and you regain account access.

One of the problems with the technique is that often, the answers aren’t secret at all. Even a little browsing on your social media sites can often tell potential hackers a great deal about you, including many of the answers to these so-called secret questions.[1]

Of course, once a hacker has access to your account, they can change all the answers to their own. That way, should you regain access to the account and change the password, they can just invoke the password recovery mechanism and regain access themselves.

What you should do: once you’ve regained access to a hacked account, change all your secret answers immediately. Even if they’ve been untouched, the attacker could simply have written them down. Change them to something new – ideally, answers that are completely unrelated to the questions, but that you’ll remember in the future.

Mobile numbers

Many service providers are now replacing secret questions with the use of mobile or phone numbers instead. The concept is that when account recovery is needed, they can text or voice call that number with a code. You then provide that code, which proves you are in possession of the phone. Since you set up that phone number, you must be the authorized account holder.

By now, you probably realize that once a hacker has access to your account, they can and do change that number to be their own, too. Any mobile-based account-recovery attempts are now redirected to the hacker.

What you should do: as soon as you get back into your hacked account, confirm that the phone numbers associated with it are still your own.

Billing information

It’s rare, but some systems use billing information, such as a credit card number already on file, or your billing address, in account recovery-and-validation attempts. If you have this kind of information on file, a) a hacker may be able to start using it, potentially racking up charges that you may or may not be liable for, and b) a hacker can change it, so if it’s used for account recovery purposes, it’s the hacker who regains access, not you.

What you should do: change or remove this information as soon as you get your account back, and check with your credit-card provider immediately for any improper charges.

The bottom line

By now, you should see a distinct pattern: any and all information that can be used to recover your account should be validated, removed, or changed the instant you get your account back. That includes personal information, PINs, secret questions and answers, alternate email addresses, and more – anything the system you’re dealing with might use for account validation and recovery.

If you don’t, and the individual that hacked your account has even half a clue (and many do these days), it’s very possible you could recover your account, only to find it hacked again within hours or minutes.

You should also consider increasing the security of your account by adding two-factor authentication to prevent future hacks, as well as setting up any single-use or pre-defined recovery codes for those systems that support it.
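The checklist above, worked through as a small audit routine (an added example, not part of the original article). The settings layout, field names and every sample value are constructed assumptions, since no provider exports its settings in this shape. It encodes one point that is easy to miss: secret answers are rotated even when nothing looks changed, because they can be copied without being altered.

```python
"""Post-compromise audit of account recovery settings (added example).

Field names and sample values are constructed for illustration only.
"""

# Channels that prove possession: safe only if they still point at
# something you control, so they are checked against your own list.
POSSESSION = ("recovery_emails", "phone_numbers")
# Standing access that keeps working after a password change.
GRANTS = ("forwarding_rules", "third_party_apps")


def audit(current, owned):
    """Return an ordered list of (action, setting, detail) tuples."""
    plan = []

    # 1. Recovery email addresses and phone numbers you do not recognise.
    for key in POSSESSION:
        for value in current.get(key, []):
            if value not in owned.get(key, set()):
                plan.append(("REPLACE", key, value))

    # 2. Secret answers are knowledge, not possession: an intruder could
    #    have written them down, so every one is rotated unconditionally.
    for question in current.get("secret_answers", {}):
        plan.append(("ROTATE", "secret_answers", question))

    # 3. Forwarding rules and third-party permissions you did not set up.
    for key in GRANTS:
        for value in current.get(key, []):
            if value not in owned.get(key, set()):
                plan.append(("REMOVE", key, value))

    # 4. Billing details: unknown cards go, known cards get their
    #    statements checked for improper charges.
    for card in current.get("billing_cards", []):
        known = card in owned.get("billing_cards", set())
        plan.append(("CHECK_CHARGES" if known else "REMOVE",
                     "billing_cards", card))

    # 5. Hardening for next time.
    if not current.get("two_factor_enabled"):
        plan.append(("ENABLE", "two_factor", ""))
    if not current.get("recovery_codes_issued"):
        plan.append(("GENERATE", "recovery_codes", ""))
    return plan


# Constructed sample: what you know to be yours.
OWNED = {
    "recovery_emails": {"me.backup@example.com"},
    "phone_numbers": {"+1-555-0100"},
    "forwarding_rules": set(),
    "third_party_apps": {"calendar-sync"},
    "billing_cards": {"card ending 4242"},
}

# Constructed sample: settings found right after regaining access.
SETTINGS_AFTER_RECOVERY = {
    "recovery_emails": ["me.backup@example.com", "drop@example.net"],
    "phone_numbers": ["+1-555-0199"],
    "secret_answers": {"first pet": "Rex", "mother's maiden name": "Smith"},
    "forwarding_rules": ["forward all mail to drop@example.net"],
    "third_party_apps": ["calendar-sync", "mail-exporter"],
    "billing_cards": ["card ending 4242"],
    "two_factor_enabled": False,
    "recovery_codes_issued": False,
}

# Constructed sample: an account where the intruder changed nothing.
UNTOUCHED = {
    "recovery_emails": ["me.backup@example.com"],
    "phone_numbers": ["+1-555-0100"],
    "secret_answers": {"first pet": "Rex", "mother's maiden name": "Smith"},
    "forwarding_rules": [],
    "third_party_apps": ["calendar-sync"],
    "billing_cards": ["card ending 4242"],
    "two_factor_enabled": True,
    "recovery_codes_issued": True,
}

if __name__ == "__main__":
    for label, settings in (("after recovery", SETTINGS_AFTER_RECOVERY),
                            ("untouched", UNTOUCHED)):
        print(label)
        for action, setting, detail in audit(settings, OWNED):
            print(f"  {action:<14}{setting:<18}{detail}")
```
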

This is an update to an article originally posted November 6, 2009.
Footnotes and references

1: I think this is probably the biggest reason secret questions are being used less often of late.

Comments

  1. Tony M.

    This may be the most valuable information regarding personal cyber security that I have ever seen. All the anti-virus programs and firewalls in the world will do little good if you’re blabbing your “secret” information to the world via social networking sites.

    This is precisely how Sarah Palin’s e-mail account was hacked. A malicious individual, seeing publicly-available details about her, was successfully able to provide the correct answers to the security questions Mrs. Palin used for one of her e-mail accounts. Through this vulnerability, the hacker obtained access to the governor’s personal e-mail.

    Thank you, Leo, for such thorough coverage of this personal security problem.

    • the oncoming storm

      sorry for the necropost, but this case is exactly why i use falsified information as to security questions. i have random answers that are not posted anywhere else and are outright lies. simple lies that are easy to remember, but lies all the same.

  2. MmeMoxie

    I fully agree with Tony M. Leo, you are ‘right on’ with your information.

    Only one note, the good ISP’s will tell you to close down the ‘hacked’ account and create a complete new one. New user name, password, secret questions, the whole nine yards.

  3. Digby Lowe

    The 2nd email address could be used to break the hacker’s stranglehold on the primary account if the primary mail provider were to automatically refer to the 2nd mail address all changes made to password and proposed changes to 2nd mail address – i.e. effectively pass master control of the primary account to the 2nd account. Do I get a prize for that idea?!!

  4. Rick

    A bigger problem is that the major webmail players have password recovery mechanisms that do not even rely on ‘secret’ questions, but rather a recollection or best guess of how you have used the service.

    For example, GMail’s Password Recovery page starts with, “If you’ve already tried to reset your password and you’re still unable to access your Google Account, fill out the form below. Please answer each question as thoroughly and accurately as possible; the strength of your answers will determine if we can return your account. If you’re not certain about some of the dates, provide your closest estimate.”

    The problem here is that a hacker gets to offer an alternate ‘alternative’ email address and answer a few questions about what other Google services the user might have used (along with estimates of dates) . . . and a few other tidbits that are not super difficult to work out. If the mix seems probable to Google they send a reset email to the proffered alternate email address.

    In other words, if a hacker can work out what other Google services this user has and the approximate creation dates, he or she has a pretty good chance of taking control of the account.

  5. Evan B Merz

    While I have had no difficulties in this area (knock on wood), I remain concerned. I check credit card charges at least twice a month and my credit card and debit card likewise, so I think I’m on top of this problem. Incidentally, my ISP has withheld emails because they are questionable and appear to be complete strangers to me.

  6. Ron Inabinet

    I believe that my computer has been compromised to a degree. Several months ago, I don’t even remember when, I checked to see if I was the only name logged into my computer. To my amazement I was NOT the only person logged in. I kinda freaked and shut my computer down without writing down the “other” name. I have checked back often but found no one else logged in; this might be due to the fact that I have gotten a router. Just a couple of weeks ago I was going to log into my yahoo email account but I saw my computer password already typed into the space provided. I still get those stew-pid nigerian scams about money but, I always just delete them. I believe the unsolicited emails of offers to view women’s private photos and chat sessions with unknown women, supposedly are nothing but hacking or spoofing scams. My yahoo email account hasn’t been hacked but I have suspicions that my computer is watched by parties unknown.

  7. craig

    In regard to ‘secret’ questions; if you have a set question there are limited ‘truthful’ answers. Try using one or two universal answers for all secret questions on all your web-based security. Like, Mothers maiden name? Venus, or blue whale, or Mitsubishi, or River Phoenix, and First pet you had? River Phoenix, Mitsubishi… etc.
    This makes guessing the answers nearly impossible and we’ve now made the answers endless, rather than the limited truthful stock – AND it makes ur answers easy to remember IF you stick to the same ones all the time.
    FYI – Some profile setting areas in some web sites will show you your ‘secret answers’ which make the secret void if your account is hacked.

  8. kate

    Leo, I have read a few of your articles. I have had the ‘free email – hotmail problem’ where my hotmail is sending spam email (always the same email, copied below – hope that’s ok… but the link is in it). I have changed my password. I have tried to contact hotmail on windows help, but no reply. http://windowslivehelp.com/thread.aspx?postid=7B1464C2-0DA5-4A0B-85A3-C6BF19B4DF4A#7B1464C2-0DA5-4A0B-85A3-C6BF19B4DF4A.
    I have used my hotmail account for some time and would hate to give it up and lose touch. Do I have any choice but to close it? I can’t seem to get any help from hotmail / answers on the windows forum.
    Thank you for your good articles and links to more of your articles… I found it good to know that really there isn’t much I can do… but I thought I would ask: Is there anyway to report this email to an authority?
    Thanks.
    SPAM email below

    Hi,my friend,
    I find a good website,I would like to introduce it to you It will give you big surprise:excellent products,high quality competitive price.If you are free, please visit it: [link removed] have a nice day! ~–b

    As the article you’re commenting on states, changing your password is not enough. If you can cover everything else outlined, and have attempted to get help at the support forum, then I know of nothing else left for you to do.

    Leo
    26-Mar-2010

  9. Faith

    Thank you so much for this. My gmail account was hacked just this morning, and although I logged the hacker out and changed my password to a much stronger one, I hadn’t thought about any of these other possibilities until I read this article, and I’m so glad I did.

  10. Jennifer Wolford

    I have always added a contact to my e-mail contact lists. I add: aaaaaaaaaaaaa@aa.com
    Since this does not exist, and will be the first email address to be used (alphabetically) anytime mail is sent from me (bulk, all included) I get a notice that it could not be delivered to that account. Since I know I would not have sent to that contact, I know something is wrong.

    The usefulness of that approach (having a bogus address early on in the address book) has been highly overrated. I wouldn’t bother.

    Leo
    07-May-2010

    • Mary

      I do have a couple of my different addresses in my address book.
      Unless they are alert, I would get a copy of the message(s) sent out.

  11. Cassie

    I had to go to the “site permissions” page on my AOL account and found there were three sites I had “given permission” to access my account, I deleted them all and changed password and security question. Hope this does it. I was unaware there was a site permissions page.

  12. HESHAM KHATTAB

    TODAY ONE STEAL MY EMAIL AND ASK ALL MY CONTACT LIST TO SEND MONEY TO ME IN LONDON I AM AT HOME IN EGYPT IHAVE CHANGED MY PASSWORD DO YOU NEED DETAILS TO FOLLOW .YESTERDAY I HAVE RECEIVED EMAIL FROM YOU ASKING INFORMATION AND PASSWORD IT IS FROM YOU ??DO YOU NEED COPY GIVE ME YOUR EMAIL TO SEND .HESHAM KHATTAB

  13. Christy

    I just read your article and found it incredibly helpful! I changed my password, changed my secret question answer to one that is hopefully hard to guess and checked all of my other information. Thankfully I started this email address when I was 17 and was too busy to add a lot of info on the account page so all it really has is my email address that they already know, my secret question and that I live in the USA. My question is: do you think that since there isn’t really any other information on there and I changed what was on there, should I be safe now or should I do something else? I really hate to have to change my email address, I’ve had it for ten years and everyone knows it :/

  14. dennis isaacs

    I’ve changed my email password and security question answer to something that is not recognizable. I also also deleted my alternate email. Ads are still being sent to my contacts. What else can I do?

    Thank you

  15. BatMan

    Quick Side Note: do a Google/Bing/Yahoo Search for your Email Address. If any Results POP up with your address… then its guaranteed that SPAMMERS already have your address, and have been causing mischief.

    Okay, Moving on:
    If you are being Blamed for SPAM’ing People who you do NOT know, and by people that you have NEVER emailed before (aka, ‘Strangers’)…. then its probably NOT you. Your account was ‘probably’ Never compromised.

    However, If you are being Blamed for SPAM’ing People who you Do know, and by people who you DO email (aka, ‘Your Friends’)… then your account COULD be compromised.
    In fact, if almost Everyone who complains is one of your ‘Friends’; and they ALL say the Spam came from you, then take it as a Higher & Higher probability it’s Your Account thats the source.

    Most likely, Your Email account Was hacked at some point in the Past, the hacker exported out your entire AddressBook; and has now finally begun Spamming all your addressbook-friends.
    ****
    Important Note: 10 years ago, the spam came directly from your friend’s infected windows pc. once he cleaned the infection, the spamming stopped.
    However, this SPAM 2.0 has a new TWIST: the spam is being delivered via someone’s open-relay-server. removing the infection on your friend’s windows pc will NOT stop the Spam from the Relay server.
    ***

    Let me Over-simplify with this quick analogy:
    It is the equivalent to ‘Me’ Crashing ‘Your’ Wedding, then Copying down All the Names & Addresses of everyone who signed ‘your’ GuestBook, then ‘me’ quietly sneaking out the back door… and then 2 weeks later i start phoning all ‘your’ Guests asking them to buy this magic Viagra medicine… but i pretend to be YOU on the Phone!!!

    if you can Grasp this Analogy… then now you Understand the full problem.

    EVERYBODY who signed the Guestbook loses in this scenario. You ‘could’ Close out your email account and go get a New one (Change the locks on your doors, change your phone#, and/or move to a new House); but the SPAMMER (me) still has the contact info of ALL your Friends… So they are STILL going to get annoying phone calls from Me.
    Thus, no real escape for your friends… Unless they ALL Change their Phone #’s and move to new houses as well (Highly unlikely).

    But even if they Did… as soon as i Crash the Next Wedding… the cycle will Start over again!!

    Best Solution:
    Go get a Drink!

  16. Michael Horowitz

    There is yet another problem.

    A bad guy could set up a forwarding rule such that all your email is forwarded to him. No need for passwords after that. You still get your email and the bad guy never needs to logon to your account again, after the first time.

    Probably a good idea, after a webmail password is stolen, to review ALL the account settings.

    This is one thing, at least, that Hotmail is good at – if a forwarding rule has been set there’s a big notification at the top of your inbox that tells you so. I’m sure that varies from provider to provider. Next time I update this article I’ll include your point – thanks.

    Leo
    20-Dec-2010

  17. Elle

    One little trick I read about: in case you have been compromised, and there is a chance that a key logger has been installed on your computer. Changing your passwords might be pointless since all your key strokes are being watched.

    A temporary way around this is the Ease of Access On Screen Keyboard (don’t know if Macs have this). From what I understand, clicking the keys via your mouse doesn’t get recorded on the key logger.

    I’ve recently changed all my passwords because my social network account was compromised. I changed my security questions and answers to something you wouldn’t know just from looking around my Facebook account.

    I’m probably going to reformat my computer anyway, just to be safe. Its annoying, sure, but I’d feel better knowing I’ve wiped my computer of anything my Norton probably missed. Good thing I have back ups.

    That approach is not guaranteed to bypass keyloggers. Please read this article: Is there a way to bypass keyloggers?

    Leo
    28-Feb-2011

  18. Ellen

    Your articles were THE best of any I was able to find on the web. Most other sources did not provide enough details on what to look for to understand what the hacker actually did. You laid out the nuances of the way an account can be hacked and the signs to look for to tell what they actually did..like do you have emails sent by the hacker in your sent box or not. Very helpful. THANKS!

  19. Kathleen Simmons

    Will it do any good to change my EMail address
    and password?

    Depends on the situation. No idea since I have no idea what your situation is.

    Leo
    16-Apr-2011

  20. Chris

    So, there’s nothing that can be done if someone has copied all of your email addresses and you have already changed your password and secret answer many times?

  21. Glen

    I am more worried that my friends are getting spam from “me.” If I totally change my email address, delete the old one, will the spam continue?

    It depends on how they’re getting spam “from” you. If your account has been hacked, the only thing to “stop” it is to regain access to the account. Even then the hackers may not stop as they’ll have your friend’s addresses. If the spam is not from your account directly, but simply shows you as a spoofed sender, then there’s nothing you can do.

    Leo
    01-Jul-2011

  22. Rebecca

    My account has been hacked and all of my contacts have been sent a link to a webpage. However of the things you suggested to look for nothing appears to have been changed (i.e. mobile number, back up email) i have changed my password and security question but am doubtful of how much this will help so was wondering if there was anything else you would suggest? My iphone is also linked to my account so i dont know if this could be the problem?

    Hackers often don’t change anything so that people aren’t quite as quick to notice that their account has been hacked. You need to change anything and everything that the hacker might use to force a password reset.

    Leo
    05-Aug-2011

  23. Andrew

    I just found out my family account was hacked (the “want more pleasure?” link was sent to some of our contacts.) The thing is….does it for sure mean some person in another place was sitting there, going through our account? it’s our head account, which is connected to your ATT account, which lists our address and phone number. Should I panic?

    Quite possibly yes – someone somewhere was logged into the account going through it. I’m not sure what “connected to your ATT account” might mean, but ultimately you must assume someone was able to login to your account as you.

    Leo
    05-Sep-2011

  24. Reva

    A few months ago my husband had the same problem. We ended up deleting that email and giving him a new one. We had no more problems, until a couple days ago when my att yahoo mail became compromised. I really need to keep this email address. So I am trying to stop this by changing things such as password, a new sign in key, and changing anything in the options on my account that may have allowed this compromise. Then I discovered it would not allow me to access my contacts. I’m still working on that….

  25. Meenakshi Sharma

    Of late my contacts are getting emails from me about weird stuff that I never send them.I have changed my password and all security questions.Is there anything else I need to do? Is my account information safe? Will I have to make a new account?

  26. bess

    how can i change the alternative e-mail, who is not mine, my e-mail has been hacked and there is another alternative e-mail. Please tell me how to change it, because when i want to change, the e-mail goes to that another alternative e-mail.

  27. Mark J

    @Bess
    If your email has been hacked and the password and alternative email had already been changed, then it may be too late to recover your email account.

  28. Diane

    someone told me only PCs get hacked. Apples don’t. Is that true?

    Accounts are getting hacked at an alarming rate, and that’s completely independent of what type of computer you use. Macs can get hacked, but it’s much less common.

    Leo
    02-Mar-2012

  29. connie

    @Diane,
    It’s not so much that Apples aren’t hackable, as that there are so many more PCs. So hackers concentrate their energies on the easy pickin’s

  30. Judy

    I’ve changed my password, and there is no additional hacker activity on my account. Now I would like to change the other items – phone no, secret question, etc. However, the alternate email address I gave three years ago is no longer active. Is there a way to get hotmail to let me change the other info?

  31. Suzanne

    I have two hotmail accounts. I can’t sign out of either. It tells me to erase all cookies. I have it set up so I have to sign in each time. Not sure what to do. My address book was hacked and porn emails went out to all my contacts. I did all of the above, but actually there wasn’t much to do. No secret questions or alternate email addresses. I just have this haunting feeling it’s open all the time.

  32. Lew

    My email address starting sending out spam today. (The culprits may have waited deliberately till April fools day for this.) It sent out an email to a number of recipients from my contacts list. I only discovered it by accident because one of these addresses is now defunct. The email bounced back, showing me the list of recipients.

    So here’s an idea TO LET YOU KNOW pretty quickly if your address is sending spam. Enter a dummy fake email into your contacts list. Then it will be sure to bounce back, letting you know within good time of unauthorized activity.

  33. Wesley

    My email has added over 1500 friends in the past week, and an incredible amount of spam has been entering and leaving my account. I’ve followed the necessary steps of changing my password and other important information like it says above, but is there a way to easily delete all the spam and unwanted friends from my email? The spam, I hope now that I have changed my password and such, will stop, but is there a way to just delete all the emails listed as friends? I use hotmail, but it limits me to just deleting 25 per page.

  34. cris32

    Someone used my wife’s email address, her name and telephone number to schedule a medical appointment. Is this an identity theft?

    No idea. You should probably talk to the authorities.

    Leo
    22-May-2012

  35. sympatica

    This is great info. My account has only been hacked by someone entering an event in my calendar and changing the name of a contact –actually my daughter. I have changed my password and security question and worked through other things on this list. How will I know if the hacker still has access?

  36. nick

    Leo has great info here

    SUGGESTION
    SECRET QUESTIONS
    do NOT ANSWER THEM appropriately
    MAKE up answers to them – Favorite Dog’s name – automobile
    WHO CARES what the answer is !!!

    Now, the important part is
    USE A PASSWORD MANAGER PROGRAM – I use KeePass
    AND, in a FREE TEXT NOTES field per entry, RECORD the SECRET QUESTIONS, and their answers !!!!

    Yes, this makes it important that if you are working on a specific logged in account, you need the data inside that password manager to access parts of the account.
    BUT, that is the PURPOSE of SECURITY –
    it may make it a little harder on you, but YOU are PROTECTING YOUR DATA !!!!

    And with the government freely allowing hackers to HACK the government employee data, AND the data on relatives, etc, then MAKE YOUR DATA HARDER to access !!!!

    And, regarding two-factor authentication –
    it is NOT a breeze to use. Suppose I’m at a computer and I DO NOT have a phone with me , or battery is dead – and the two factor authentication is the phone??

    I’m cooked

    Alternate email, or codes sent to email, does help somewhat more,, because if I’m at my computer, I probably have access to my email (but not always)

    There are other alternative methods also, but no one has made an easy system, in my opinion.

    anyway, this is just my humble two cents worth
    nick

    • Most all two-factor authentication schemes (at least those done properly) allow you to ALSO generate one-time passwords that you keep in a safe place. Each can be used exactly one time – long enough to login and turn off 2FA if you’ve lost your device.

    • Mark Jacobs

      I’d add to what Leo said, that in case you ever really need to change your password, for example, if the passwords were really compromised, adding even one character would make it a completely different password, over 100 times stronger than the previous one. So you might keep that in mind for the future.

      I’m using the same password since the early 90s. The original was 7 characters, it grew to 10 and I’ve added a few gradually ever since. The last few characters are unique for each important website and application.

      In a case like LastPass where an email address is associated with your account, and it’s too difficult to change your password, you can simply change the email address associated with your account. That way, even if they were able to crack the email-password combination, they wouldn’t be able to associate the cracked password with the new email address in a million years (almost literally).

  37. john powers

    Check your email account activity for unauthorised access logins .
    Hotmail/Outlook/Gmail provide this service including a drop down map, date and time of attempted and successful access of your account..
    I get attempted unauthorised attempts every week from around the world and from other states .
    Successful logins from a location you do not know are the signs to look for.
    Google for procedure.

  38. khc

    Recently all my gmails have been sent to the Trash before they
    are retrieved in the inbox. There is no problem in sending out.
    Your advice & help to solve this is much appreciated.
    I have already reset my password & clear all filters etc etc
    TQ

    • Only thing that comes to mind is anti-malware tools – they’ve been known to do this when using a desktop email program from time to time.

  39. Bob Sprowl

    Here’s the best way to handle the personal information questions. Don’t answer them as yourself, answer them as someone else such as your uncle, mother-in-law, a character in a book or movie or (my favorite) your imaginary friend. Of course you must never reveal who this person is to anyone.

    For questions such as elementary school for a movie or TV character, such as Tonto of the Lone Ranger, you will have to come up with a “interesting” answer such as “Hogswarts”.

    • john powers

      The answer obviously does not have to relate to the actual questions ..you can put red ,yellow and blue ..providing you can recall if your first school was blue ..or was it yellow or maybe red ?

  40. E. J.

    Hmm. When passwords are changed, are active logins forcibly closed by the server? If not, could a hacker not maintain a connection to the account, see that you have made changes, then change things back? Yes, he may not be able to recover your new password, but as you wrote, all data needed to once again reset the password could be changed back in his favor.

    • Mark Jacobs

      Changing a password should force the open session to close. This would be the case on a well designed website such as Facebook and the big name email providers. A poorly designed website might not log you off.

  41. Nigel Betteridge

    Thank you Leo, an excellent article. Much I had not previously considered, lets hope I never need to use it.

  42. Alan M.

    Nice article….Good timing too.
    Just two days ago YouTube notified me that someone in Russia tried to use my account and that they denied access since it did not match the devices or locations I normally use. They recommended that I change my password which I did. I didn’t think much about it at the time figuring “no big deal”.
    Now after reading your article I went back to my YouTube account and started looking around. What I noticed was that while I thought it not to be important at the time I found that if the “hacker” had gained access they could have gotten a massive amount of information. What I search for. What I watch. Etc…..
    Now this has gotten me thinking and I deleted my search history and will go back and do mostly the same to the rest of my histories.
    Now while there was nothing illegal with any of my activities, it may have had stuff I wouldn’t want my grandkids to know about.
    Thanks for getting me to think about it………….Alan

  43. Dave Grainger

    Hazardous unexpected Cloud phenomenon:
    July 3rd wrestled with a seriously recalcitrant Trojan on a customer’s Win 8 machine, which she had purchased from Staples as a floor model. It apparently had been used by Staples as a demo for several months, including access by their customers, who screwed it up. Firefox had been installed at Staples but from a “rogue site” which infected the machine. Then, they [Staples] loaded Trend Micro plus AVG plus a couple of other “freebie” anti-malware programs, all at the same time, before deciding to unload the problem on a naive customer.

    I dug out everything and finally managed to install Vipre Internet Security which promptly caught and quarantined many copies of the same Trojan plus hundreds of adware PUPs. I ran several deep scans, only to have the Trojan get caught each time. What I finally figured out was that Microsoft Skydrive had been setup, not used by the purchaser, but the infection was hiding files in Skydrive on Microsoft cloud servers! That is beyond the reach of any anti-malware program scanning on a local machine… I uninstalled Skydrive, scanned twice more and am no longer getting “hits” for that Trojan…

    • Mark Jacobs

      Generally, when selling a floor model computer, the store should do a fresh reformat and install. A computer bought with malware is defective. If it’s still under warranty, your client should be able to bring it back, explain the problem and have them reinstall a fresh version of Windows. Before bringing it in, I’d recommend a full image backup to preserve any of your client’s data on the computer

    • The right solution in a case like this, IMO, is to wipe the computer and reinstall the OS from scratch. There’s simply no way to know what has been done to a floor model, and with so many people having access to it over the months it’s certain that whatever was done wasn’t good. I’d never accept a computer from anyone without the ability to install from scratch or restore it to a pristine condition.
