What should I do? Computer taken over.

Terrysdelight

Hi

My elderly dad received a telephone call telling him he had a virus on his computer and they were ringing up to fix it. You can guess the rest..... Dad logged on and they talked him through a set up and then they took over the computer by remote access.

They told him to stay on the telephone line. After a while he got suspicious and rang me from his mobile. I told him to hang up his landline, pull the battery out of his laptop and unplug it.

I'm sure they will have got all the info they wanted but how can I check my dad's laptop is safe now? I should imagine they have downloaded spyware as well as all the remote stuff.

Grateful for advice please.

Many thanks
Terri

bingo_bango

Run CCleaner first, then I'd run Hijackthis and post the log. Might be worth running RKill before CCleaner.

closed

they're after money, rather than trying to infect

backup and factory restore if you're concerned.

pulling battery out while running can corrupt the hard disk.

HappyMJ

Agreed...I've had them play about on one of my virtual machines for a bit of fun.

They don't do anything. They go into a windows folder and show you a whole bunch of files with strange names and call it a virus then ask you for money....and this machine was a brand new machine with nothing whatsoever on it...and they couldn't tell it was blank. Stupid people.

It's easy enough remote controlling a laptop over the internet. They do it via Logmein...I help people by using that service as well. Logmein is fine to use.. They won't do it unless your father allows them by clicking Accept on the call.

And yes as above don't pull the battery out whilst running. The correct advice is turn the router off then sort it out.

Terrysdelight

Ah well, can't undo what I already told my dad to do. But for the future I'll know not to pull battery out.

I've told him not to go back on the laptop till I've been round to sort it. I can't do anything for a few days.

I am concerned. I would imagine they were looking for passwords and account details. I will do the ccleaner. But how will I be able to remove any programmes they may have down loaded, such as the remote access?

If I do the system restore, will that uninstall any programmes that will have been added after my dad got his laptop?

Many thanks

Johnmcl7

They're not normally looking for passwords or account details because these aren't normally easily available unless your Dad gave it to them as most software won't show the passwords in plain text.

You can find videos of the scam in action but it's usually a lot simpler in that they claim there's a virus, convince the user to allow the remote connection then will attempt to sell an anti-virus package which if not successful they may screw up the computer (turning off services, telling the computer to start in command line mode etc.) to encourage the person to pay up.

If you have a look through the programs list depending on the OS you may be able to sort by the most recently installed programs but if not, have a read through the list and anything you're not familiar with just pop it into Google and you can see if it's meant to be there or not.

John

paddyrg

Not always a popular view but I am personally find of a flatten and rebuild. Like a soured relationship, once the trust had gone a fresh start is more reassuring than the niggling doubts. It also has the benefit that a rebuild means any old other viruses, malware, browser bars, installed junk, demos, samples, Java etc are no longer cluttering the place up. Some day it's overkill, up to you if you want to spend half a day and know the job is done right for sure or not.

Laz123

Also make sure Remote Access is disabled as this was the way they gained control.