Grandma scammed by "hackers", options for restoring her system?

dhawk86

Honorable
Mar 21, 2012
10
0
10,510
Hi, I'm not sure if this is the correct forum, so if there is a better place to look for an answer let me know.

Anyways, my grandma called me yesterday saying that "Microsoft" called her and alerted her that "Hackers" had gotten into her system and she needed to follow their instructions to "uninstall the viruses" the hackers left. They showed her the event viewer and proceeded to tell her all the warnings and errors were due to viruses the hackers put on her computer (total bs). They then proceeded to do some other things my grandma couldn't describe, but at one point she said "they took over control of the mouse and were doing things". So they were using some form of a remote desktop connection. She said she was on the phone with them for close to 2 hours, she hung up and called me (thank god) after they said they needed $200 to fix the issues.

I told her it was a scam and most likely they have loaded her computer with viruses and just want her credit card info because: 1. Microsoft will never call you unsolicited. 2. Event viewer always has warnings and errors. 3. Anybody asking for credit card info over the phone is trying to con you.

I instructed her to do a hard shutdown of her computer and leave it off until I figure out how we need to proceed.

Anyways, my grandma is terrible with computers (obviously) and lives 1,000 miles away. My biggest concern I have is that they have installed keyloggers on her computer to try and get usernames/passwords/credit card info and that if they remotely took control of her computer once, they will be able to do it again.

I know the easiest fix is to do a full reinstall with her recovery disks, but doubtful she is capable of doing that with me coaching her over the phone. Also, will this for sure remove anything they did?

I was thinking of using a remote desktop program (LogMeIn or TeamViewer, both of which I have used in the past) to get on her computer and try to remove anything suspicious, without doing a full reinstall, but I'm hesitant to do this as I'm betting that it is going to be a huge pain to try and find everything they may have installed and I'm afraid of missing something that could potentially cause problems in the future. So basically I'd waste a lot of time and end up doing a full Windows reinstall anyways, when I could just do that from the start.

Would it be worth it to have her take her computer (an HP laptop) and recovery disks to a "computer repair" shop and ask them to wipe it clean and reinstall? How much do you think it would cost?

Any help is appreciated. Thanks.

 
Hello dhawk86;
I agree with your analysis - a scam narrowly avoided.

And I think you're right, you can't trust that the laptop didn't get loaded up with a trojan, or worse, a rootkit. The worst of that breed can alter the OS and its helper programs and even 'defend' itself from the usual AV/Malware scans.

Check to see if it's possible to use F8 Advanced Boot Options and get into Safe Mode.










 

MKBL

Splendid
Nov 17, 2011
429
3
24,565
Not a disrespect to many honest and capable professionals, but such "computer repair" shop's effectiveness is dubious based on my experience.

A friend of mine had two high-end laptops of its own era, but obsolete now that were not booting correctly. He just wanted to retrieve photo files from the HDDs, so brought them to G*S* and asked them to perform such service. After initial test on those HDDs ( 2 per each laptop, so total 4 ), they estimated over $200 charge. Outrageous, he brought the computers to me, and after brief test with hookup on my SATA-USB enclosure, I found one HDD of each set was totally empty, and both system disks (also with data) were pretty much OK status, but just couldn't boot, which I suspected because of certain virus. Anyhow, I removed the virus, copied all pictures from those HDDs, and formatted them to make portable HDDs with USB enclosures I bought from Microcenter.

Although I admit that I had to spend some time removing the virus (format couldn't remove them somehow, something like tdss), I think professional computer repair shop should be able to resolve this within 30 minutes, and I can't imagine how they can justify over $200 charge for such simple task. Not only that, I found my friend's system disks have tax information, which had been exposed to whoever took a look at the disks. Especially if you don't have computer skills, like your grandma, you may not know what kind of information you have left in the HDD, and what the technician at the repair shop is working on your data there. For this reason, her bringing the computer to the repair shop is not recommended. One thing you can do is to have her ship the laptop to you, and you do the clean install.
 
Guest
I had a similar situation with my grandma and talked her through it. She just described what she saw on the screen and I told her what to click on and type. By pressing f10 at boot you can recover from the hidden partition. Doing a full recovery will remove everything. If your grandma brings it to a repair shop they will probably rip her off.
 

dhawk86

Thanks for the help everybody. I'm thinking I'll have her boot into safe mode with networking. Then have her install a remote app, then I will take a look at the machine myself remotely and assess the damage. Depending on how it looks I may either just try to clean everything up, or perform a full recovery.
 
I would have her send it to you for you to do; it will probably cost about as much to send it to you as it would cost to have fixed or re-imaged.


If you can direct her to do a factory restore then that would be fine also. However, she may not know how to backup any files that she may have stored on the hard drive.

You could use Windows Live Mesh (free Microsoft remote tool) to help her back up her files to another media device, and start the Factory Restore from software that can be started from within the OS.
 
Also -- since they were connected I'd make sure and have her change any bank, credit card, etc. account passwords for anything that was on the system, as they may have already got access to them if they were stored on the system, and since they had her phone # they evidently have any other info they might need to access them -- so contact anywhere she has funds and put them on alert or change accounts, as they may try to use them or access her bank account !!
 

Agreed, have her close her cards and get new ones issued. Also, you might want to get her a nice typewriter instead...
 
They call me about once a week; I think I'm their training call to show what the signs are that I'm going to play with them. I always ask now which machine, which confuses them; next stop will be a VM of fresh Win7 to see what they are looking for. Followed by learning how to insult their mother in their home language.
 



Yes, the user mentioned that fact in the title and has discussed this already in several of the posts above; Any advice for the user?
 

dhawk86

Thanks everybody for the help. She is sending me the laptop with the recovery disks. I'm going to fire it up and see what happened, backup what little data she has and then format/reinstall.

Good news is that she does not do online banking and has never ordered or purchased anything over the net, so I very much doubt any credit card/banking info was compromised as that information has never been entered into her computer.
 



That is the best solution for peace of mind.

I would also make sure that you set up Windows Live Mesh on the laptop for remoting in from your place to her laptop, and test it of course.
 

humphreybot

Distinguished
Jan 20, 2011
144
0
18,690
Here is what I would do if I were you and you have the money. Have her ship the laptop to you. Remove the hard drive and give it to local law enforcement (maybe they can trace the criminals), then install a new drive... this is the only way to be completely certain that nothing escapes.
 

Isaiah4110

Distinguished
Jan 12, 2012
603
0
19,010
Additionally, you might consider alerting the authorities at some level. There are ways that the callers can be traced after the fact that might lead to them being caught and prevent their doing this to others... It's kind of a long shot as I would bet any local police force would give you a basic "not our jurisdiction/we can't do anything," but I know I would want to at least give it a cursory try if anyone messed with any of my grandparents.
 

Isaiah4110


+1! Beat me to it by a hair.