Relative got scammed by 'Windows' cold call - how to ensure computer is safe?

Bored

My mother told me today that she received a call from 'Windows' (a man with a thick Indian accent) who asked her if her computer was running slowly. He then apparently made her click a few buttons, and showed her that the computer was infected with a load of Malaysian viruses. Then she said she went on the internet, but has no recollection of what happened next. Apparently they tried to sell her a warranty, she said she wasn't interested and said she'd ring them back.

I told her it sounded like a scam, and she shouldn't have blindly followed what this man told her. Now she seems to have a limited memory of what she actually did on the computer (the above story is all I can get from her), and I'm worried she let them have access to the computer through remote assistance. She's logged into online banking since this happened so I made her ring the banks and prevent access through online banking.

What I need to know is what to do now? I have avast antivirus installed on the computer for her, but I'm guessing I'll need to use a malware detector as well? Is Malwarebytes okay for this purpose? I've looked on her chrome history and there is no history that she went to any website or downloaded anything, but is there any way to ensure she hasn't installed anything dodgy?

Basically, any help at all please. Can't believe she fell for this, I'm just glad she didn't give them her card details as well! :mad:

esuhl

I'd re-install Windows -- it's the only way to be certain you've got rid of whatever malware or remote-control software has been installed.

Then change any passwords that might have been stored or cached on the PC.

mandragora_2

My 74-yr old mum got caught this way too - they also pumped her for bank account and cc details in the phone conversation - she didn't give them out, but if I were you, I'd check that the accounts are OK - my mum got new cards issued because she just wanted to be safe. I can't comment on the techie stuff, others will be better than me at it, but I'd take this very seriously if I were you. My mum had her whole system cleaned up by a local IT guy known to the family, and recommended by my brother who's far more IT savvy than me. When he returned the laptop, he said that following the episode there'd been two sustained attempts to hack in to the computer. She also reported it to the local authority, trading standards, I think, who took it seriously. They do target vulnerable individuals, and what was horrible was the way it made my mum feel - violated in her own home, that she'd been silly (she hadn't - they were very convincing) and scared that she had been stolen from. Not nice at all.

robmar0se

If she paid by credit card, then report the scam, a friend of mine got the money back. But more importantly cancel the card, and if she does internet banking cancel/replace any associated cards.

Re-installing Windows is a little over the top, download Combofix and run, then download malwarebytes (free version) and scan.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.malwarebytes.org/

JasX

reformatting is in no way an over the top reaction t when someone "intent on scamming you" has hd full admin access to your computer via a remote link.

Exercise great care copying off any files you want to keep. reformat and reinstall.

Otherwise better keep checking those accounts and watch any credit card numbers, names, addresses, national insurance numbers personal information etc etc you type into the thing.

Remember your mother hasn't stumbled onto a computer virus somewhere.... someone intent on defrauding her has had very recent full access to that machine, follow the 'watered down' response above at your own risk.

spannerzone

I've not read anything that suggests these scammers do anything other than trick you into letting them 'sort the computer problem' by using remote software like logmein and then doing some clean up using ccleaner or otherwise....I think they target gullible people, pretend to fix a problem and run with the money and that's probably the end of the matter.........

However there is also no evidence to suggest that the computer integrity is ok - so it would certainly be the safest option to reload Windows to be totally sure.

I think the main problem is that they've got your credit card/bank details that they were given and you're now probably on a mugs list and likely to get targetted by other scams due your ability to be tricked.

Mr_Toad

spannerzone wrote: »

I've not read anything that suggests these scammers do anything other than trick you into letting them 'sort the computer problem' by using remote software like logmein and then doing some clean up using ccleaner or otherwise....I think they target gullible people, pretend to fix a problem and run with the money and that's probably the end of the matter.........

However there is also no evidence to suggest that the computer integrity is ok - so it would certainly be the safest option to reload Windows to be totally sure.

I think the main problem is that they've got your credit card/bank details that they were given and you're now probably on a mugs list and likely to get targetted by other scams due your ability to be tricked.

I think it can be worse than that. Some of them get the confused person to pay by credit card and then set up a CPA - Continuous Payment Authorisation for 'on-going support' then then take money regularly.

The OP should re-load the PC from scratch - change passwords and speak to their Credit card company and explain what's happened, just in case.

Notmyrealname

robmar0se wrote: »

Re-installing Windows is a little over the top

No it isn't. If it has a rootkit that may not be detected by Combofix et al.

Wipe computer, change online passwords and call credit card company.

spannerzone

masonn wrote: »

I think it can be worse than that. Some of them get the confused person to pay by credit card and then set up a CPA - Continuous Payment Authorisation for 'on-going support' then then take money regularly.

The OP should re-load the PC from scratch - change passwords and speak to their Credit card company and explain what's happened, just in case.

Yes a continous credit card payment is a real pain to get stopped without the company involved stopping it I beleive?

Anyone with a relative or friend who has a computer and might be suceptible really needs reminding to watch out for these scams.

robmar0se

JasX wrote: »

reformatting is in no way an over the top reaction t when someone "intent on scamming you" has hd full admin access to your computer via a remote link.

Exercise great care copying off any files you want to keep. reformat and reinstall.

Otherwise better keep checking those accounts and watch any credit card numbers, names, addresses, national insurance numbers personal information etc etc you type into the thing.

Remember your mother hasn't stumbled onto a computer virus somewhere.... someone intent on defrauding her has had very recent full access to that machine, follow the 'watered down' response above at your own risk.

I'm very sorry if you took offence at my suggestion that re-installing windows is over the top.

Its just that in my job I have come across this over a dozen times now. Doing as i suggest has in fact resolved the problems - perhaps I should have also said that one should also remove LOGMEIN or Teamwork if these have been installed.

There are msny threads on this forum on the same issue if you care to look.

In the end it is upto the Op to decide what he wants to do, and how risk adverse he/she is.

Good luck

Bored

Thanks to all that have posted.

I asked her if she typed anything in such as logmein or ammyy or teamwork but she is adamant that she didn't type anything. She said she cut them off after they instructed her to open up "a sidebar which showed her all the viruses, which had little x's next them".