
What to do with possibly compromised PC

Got a call earlier from my elderly mum, who said that she had a message pop up on her computer to call Microsoft, which she did. The MS lady "fixed" loads of stuff and "installed something" (which sounded like Malwarebytes from her description). She didn't pay out any money.
She was genuinely convinced she was talking to MS.
I told her about social engineering and that her PC may now be compromised and that she should switch it off and not use it, which she has done.
I now need to check it. But what should I check for? Should I rebuild it from scratch? 
Advice?
Thanks

Comments

  • pbartlett
    pbartlett Posts: 1,397 Forumite
    1,000 Posts Name Dropper
    Goodness only knows what is on there.

    1. treat it like it is infected with COVID - anything you plug in there from now on do not plug into any other computer eg at home

    2. power PC on, plug in a blank usb stick, copy off any data your mum wants to keep (eg documents, photos).

    Re-install system from scratch, booting from eg DVD or bootable USB stick - format the drive before re-installing. OR you can go to settings / update and security / reset this pc and do it there but I personally would go the DVD / USB route.

    Once up and running, ideally restore personal files from an old backup ie pre 'MS engineer' - these are unlikely to be infected. Otherwise, well you have them on the USB stick you made - I would be very very wary of putting that in the new machine. Depends on how precious the data is - it's a crap shoot. If you do, make sure autorun is disabled.
  • JJ_Egan
    JJ_Egan Posts: 20,281 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Yes for me it would be a full wipe unless machine has a backup image .
  • UncleZen
    UncleZen Posts: 851 Forumite
    Part of the Furniture 500 Posts Name Dropper Photogenic
    How best should I protect this PC in the future, assuming that it's operated by a PC Numpty (which it is really)? Like no Admin rights, for example.

    Thinking back: I once remember her telling me she got an email from a friend who was apparently stuck in Dubai or somewhere without money. Click link to send some money for him to get home. She didn't follow the link. Because she had seen him 2 days before and he didn't mention going to Dubai.

  • pbartlett
    pbartlett Posts: 1,397 Forumite
    1,000 Posts Name Dropper
    edited 25 February 2021 at 4:35PM
    Yes you can change the password to the admin account and create a user account for her.

    Make sure you change the password to the hidden admin account too - not that your mum will find it but the 'MS engineer' will. Google it.
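
The account set-up described in the post above, as an added example that is not part of the original thread: a PowerShell sketch for Windows 10 using the built-in LocalAccounts cmdlets, run from an elevated prompt on the freshly reinstalled machine. The account name `Mum` is an assumption chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the freshly reinstalled PC.
$StandardUser = 'Mum'                 # assumed name for the day-to-day account
$AdminGroupSid = 'S-1-5-32-544'       # well-known SID of the local Administrators group
$UsersGroupSid = 'S-1-5-32-545'       # well-known SID of the local Users group

# 1. List every account that currently holds admin rights.
#    Using the SID works even if the group has been renamed or localised.
Get-LocalGroupMember -SID $AdminGroupSid |
    Format-Table Name, ObjectClass, PrincipalSource

# 2. Find the "hidden" built-in Administrator by its RID (500), not by name,
#    because the account can be renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$builtin | Format-List Name, Enabled, PasswordLastSet

# 3. Give the built-in Administrator a new password. It is disabled by default
#    on a clean Windows 10 install; the Enabled column above shows if that changed.
$adminPw = Read-Host -AsSecureString "New password for $($builtin.Name)"
$builtin | Set-LocalUser -Password $adminPw

# 4. Create the standard (non-admin) account if it does not exist yet.
#    New-LocalUser does not add the account to any group, so add it to Users.
if (-not (Get-LocalUser -Name $StandardUser -ErrorAction SilentlyContinue)) {
    $userPw = Read-Host -AsSecureString "Password for $StandardUser"
    New-LocalUser -Name $StandardUser -Password $userPw `
        -Description 'Day-to-day standard account' | Out-Null
    Add-LocalGroupMember -SID $UsersGroupSid -Member $StandardUser
}

# 5. Verify the day-to-day account is NOT a member of Administrators.
$userSid   = (Get-LocalUser -Name $StandardUser).SID
$adminSids = (Get-LocalGroupMember -SID $AdminGroupSid).SID
if ($adminSids -contains $userSid) {
    Write-Warning "$StandardUser has admin rights; remove with Remove-LocalGroupMember."
} else {
    Write-Output "$StandardUser is a standard user."
}
```

The separate admin account created during Windows setup keeps its own password, which the person providing support holds rather than the day-to-day user.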
  • grumpycrab
    grumpycrab Posts: 5,025 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Bake Off Boss!
    UncleZen said: She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    Did she not pay any money because she wasn't asked (not a very clever scam) OR because she refused (clever mum)?
    If you put your general location in your Profile, somebody here may be able to come and help you.
  • UncleZen
    UncleZen Posts: 851 Forumite
    Part of the Furniture 500 Posts Name Dropper Photogenic
    UncleZen said: She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    Did she not pay any money because she wasn't asked (not a very clever scam) OR because she refused (clever mum)?
    I don't think she was asked.
  • grumpycrab
    grumpycrab Posts: 5,025 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Bake Off Boss!
    edited 25 February 2021 at 4:46PM
    UncleZen said:
    UncleZen said: She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    Did she not pay any money because she wasn't asked (not a very clever scam) OR because she refused (clever mum)?
    I don't think she was asked.
    Strange scam. Guessing they were looking for bank info/passwords etc possibly with identity theft in mind? They would be unlikely to install anything nasty in my experience but a belt and braces approach (clean install) is understandable. With Windows 10 it's much easier these days (clean install that is.)
    If you put your general location in your Profile, somebody here may be able to come and help you.
  • Is there any data stored on the machine which needs to be retained?
    In which case you might need to air gap it and copy off any important files/folders.


    I have had exactly this situation twice with my Mother. Here is where I'm at currently:

    I have a low power PC (Intel Atom NUC) running a PiHole. This blackholes DNS requests for domains which are used for tracking/malware/phishing etc. I have added a number of extra blocklists to it.

    Said low power PC also does some basic network monitoring via Zabbix. That's more helpful for the support calls rather than anything else right now.

    Aside from that, she doesn't have admin access on the machine and support is provided via Microsoft Quick Assist.
    A dream is not reality, but who's to say which is which?
  • UncleZen said:
    Got a call earlier from my elderly mum, who said that she had a message pop up on her computer to call Microsoft, which she did. The MS lady "fixed" loads of stuff and "installed something" (which sounded like Malwarebytes from her description). She didn't pay out any money.
    She was genuinely convinced she was talking to MS.
    I told her about social engineering and that her PC may now be compromised and that she should switch it off and not use it, which she has done.
    I now need to check it. But what should I check for? Should I rebuild it from scratch? 
    Advice?
    Thanks
    Yes and change ALL of her passwords immediately.
  • chrisw
    chrisw Posts: 3,770 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Just a suggestion, but my mum was constantly struggling with her laptop and fell for one of these scams. In the end, we clubbed together and bought her an iPad which are pretty well locked down and are of no interest to these sort of scammers. We also set her up with a call blocker which has successfully stopped all scam calls.