What to do with possibly compromised PC

Got a call earlier from my elderly mum, who said that she had a message pop up on her computer to call Microsoft, which she did. The MS lady "fixed" loads of stuff and "installed something" (which sounded like Malwarebytes from her description). She didn't pay out any money.
She was genuinely convinced she was talking to MS.
I told her about social engineering and that her PC may now be compromised and that she should switch it off and not use it, which she has done.
I now need to check it. But what should I check for? Should I rebuild it from scratch?
Advice?
Thanks
Replies
1. treat it like it is infected with COVID - anything you plug in there from now on do not plug into any other computer eg at home
2. power PC on, plug in a blank usb stick, copy off any data your mum wants to keep (eg documents, photos).
Re-install system from scratch, booting from eg DVD or bootable USB stick - format the drive before re-installing. OR you can go to settings / update and security / reset this pc and do it there but I personally would go the DVD / USB route.
Once up and running, ideally restore personal files from an old backup ie pre 'MS engineer' - these are unlikely to be infected. Otherwise, well you have them on the USB stick you made - I would be very very wary of putting that in the new machine. Depends on how precious the data is - it's a crap shoot. If you do, make sure autorun is disabled.
Thinking back: I once remember her telling me she got an email from a friend who was apparently stuck in Dubai or somewhere without money. Click link to send some money for him to get home. She didn't follow the link. Because she had seen him 2 days before and he didn't mention going to Dubai.
Make sure you change the password to the hidden admin account too - not that your mum will find it but the 'MS engineer' will. Google it.
I have a low power PC (Intel Atom NUC) running a PiHole. This blackholes DNS requests for domains which are used for tracking/malware/phishing etc. I have added a number of extra blocklists to it.
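
Added example, not written by anyone in this thread: a PowerShell check for the two settings the replies mention after a reinstall, that autorun is disabled and that the hidden built-in Administrator account has a fresh password. It assumes an elevated Windows PowerShell 5.1+ session on the rebuilt PC; the function names are made up for this example.

```powershell
# Added example: run elevated on the freshly reinstalled PC before plugging in the rescue USB stick.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunStatus {
    # NoDriveTypeAutoRun = 0xFF switches AutoRun off for every drive type.
    $v = (Get-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    [pscustomobject]@{
        Key                = $PolicyKey
        NoDriveTypeAutoRun = if ($null -ne $v) { '0x{0:X2}' -f $v } else { 'not set' }
        AllDrivesDisabled  = ($v -eq 0xFF)
    }
}

function Disable-AutoRun {
    # Creates the policy key if it is missing, then sets the machine-wide value.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

function Get-BuiltinAdministrator {
    # The built-in account keeps a SID ending in -500 even if it has been renamed.
    Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' } |
        Select-Object Name, Enabled, PasswordLastSet, LastLogon
}

function Get-LocalAdminMembers {
    # S-1-5-32-544 is the local Administrators group regardless of display language.
    Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, ObjectClass, PrincipalSource
}

# 1. Autorun: report, fix if needed, report again.
if (-not (Get-AutoRunStatus).AllDrivesDisabled) { Disable-AutoRun }
Get-AutoRunStatus | Format-List

# 2. Built-in Administrator: show its state, then set a new password (typed at a hidden prompt).
$admin = Get-BuiltinAdministrator
$admin | Format-List
foreach ($a in $admin) {
    Set-LocalUser -Name $a.Name -Password (Read-Host "New password for $($a.Name)" -AsSecureString)
}

# 3. Anyone in the Administrators group you do not recognise should not be there on a clean install.
Get-LocalAdminMembers | Format-Table -AutoSize
```

On a clean install the Administrators group should list only the built-in account and the user created during setup.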