What to do with possibly compromised PC

UncleZen
Got a call earlier from my elderly mum, who said that she had a message pop up on her computer to call Microsoft, which she did. The MS lady "fixed" loads of stuff and "installed something" (which sounded like Malwarebytes from her description). She didn't pay out any money.
She was genuinely convinced she was talking to MS.
I told her about social engineering and that her PC may now be compromised and that she should switch it off and not use it, which she has done.
I now need to check it. But what should I check for? Should I rebuild it from scratch? 
Advice?
Thanks

Replies

  • pbartlett
    Goodness only knows what is on there.

    1. treat it like it is infected with COVID - anything you plug in there from now on do not plug into any other computer eg at home

    2. power PC on, plug in a blank usb stick, copy off any data your mum wants to keep (eg documents, photos).

    Re-install system from scratch, booting from eg DVD or bootable USB stick - format the drive before re-installing. OR you can go to settings / update and security / reset this pc and do it there but I personally would go the DVD / USB route.

    Once up and running, ideally restore personal files from an old backup, i.e. pre 'MS engineer' - these are unlikely to be infected. Otherwise, well, you have them on the USB stick you made - I would be very very wary of putting that in the new machine. Depends on how precious the data is - it's a crap shoot. If you do, make sure autorun is disabled.
  • JJ_Egan
    Yes, for me it would be a full wipe unless the machine has a backup image.
  • UncleZen
    How best should I protect this PC in the future, assuming that it's operated by a PC Numpty (which it is really). Like no Admin rights for example.

    Thinking back: I once remember her telling me she got an email from a friend who was apparently stuck in Dubai or somewhere without money. Click link to send some money for him to get home. She didn't follow the link. Because she had seen him 2 days before and he didn't mention going to Dubai.

  • pbartlett
    edited 25 February 2021 at 3:35PM
    Yes you can change the password to the admin account and create a user account for her.

    Make sure you change the password to the hidden admin account too - not that your mum will find it but the 'MS engineer' will. Google it.
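
As an added example (not part of the original posts): one way to do the account setup described in the reply above, plus the autorun setting mentioned in the earlier reply, from an elevated PowerShell prompt on the reinstalled PC. The account name `mum` is a placeholder chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: run in an elevated PowerShell prompt on the rebuilt PC.
$userName = 'mum'   # placeholder name, chosen for this example

# 1. Day-to-day account as a standard user: in Users, not in Administrators.
if (-not (Get-LocalUser -Name $userName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $userName"
    New-LocalUser -Name $userName -Password $pw | Out-Null
}
# S-1-5-32-545 = Users, S-1-5-32-544 = Administrators (well-known SIDs).
Add-LocalGroupMember    -SID 'S-1-5-32-545' -Member $userName -ErrorAction SilentlyContinue
Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member $userName -ErrorAction SilentlyContinue

# 2. The hidden built-in Administrator always has a SID ending in -500,
#    even if it has been renamed. Give it a new password and show its state.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$adminPw = Read-Host -AsSecureString "New password for built-in account '$($builtin.Name)'"
$builtin | Set-LocalUser -Password $adminPw
Get-LocalUser -SID $builtin.SID | Select-Object Name, Enabled, PasswordLastSet

# 3. Review who holds admin rights; every entry listed here should be
#    an account you recognise and whose password you have set yourself.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource

# 4. Disable autorun on all drive types (0xFF) before the USB stick with the
#    copied files is ever plugged in.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF
Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun |
    Select-Object NoDriveTypeAutoRun
```
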
  • grumpycrab
    UncleZen said: She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    Did she not pay any money because she wasn't asked (not a very clever scam) OR because she refused (clever mum)?
    If you put your general location in your Profile, somebody here may be able to come and help you.
  • UncleZen
    UncleZen said: She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    Did she not pay any money because she wasn't asked (not a very clever scam) OR because she refused (clever mum)?
    I don't think she was asked.
  • grumpycrab
    edited 25 February 2021 at 3:46PM
    UncleZen said:
    UncleZen said: She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    Did she not pay any money because she wasn't asked (not a very clever scam) OR because she refused (clever mum)?
    I don't think she was asked.
    Strange scam. Guessing they were looking for bank info/passwords etc., possibly with identity theft in mind? They would be unlikely to install anything nasty in my experience but a belt and braces approach (clean install) is understandable. With Windows 10 it's much easier these days (clean install that is).
    If you put your general location in your Profile, somebody here may be able to come and help you.
  • CoastingHatbox
    Is there any data stored on the machine which needs to be retained?
    In which case you might need to air gap it and copy off any important files/folders.


    I have had exactly this situation twice with my Mother. Here is where I'm at currently:

    I have a low power PC (Intel Atom NUC) running a PiHole. This blackholes DNS requests for domains which are used for tracking/malware/phishing etc. I have added a number of extra blocklists to it.

    Said low power PC also does some basic network monitoring via Zabbix. That's more helpful for the support calls rather than anything else right now.

    Aside from that, she doesn't have admin access on the machine and support is provided via Microsoft Quick Assist.
    A dream is not reality, but who's to say which is which?
  • UncleZen said:
    Got a call earlier from my elderly mum, who said that she had a message pop up on her computer to call Microsoft, which she did. The MS lady "fixed" loads of stuff and "installed something" (which sounded like Malwarebytes from her description). She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    I told her about social engineering and that her PC may now be compromised and that she should switch it off and not use it, which she has done.
    I now need to check it. But what should I check for? Should I rebuild it from scratch? 
    Advice?
    Thanks
    Yes and change ALL of her passwords immediately.
  • chrisw
    Just a suggestion, but my mum was constantly struggling with her laptop and fell for one of these scams. In the end, we clubbed together and bought her an iPad which are pretty well locked down and are of no interest to these sort of scammers. We also set her up with a call blocker which has successfully stopped all scam calls.