I’d take the nuclear route, though it’s probably safe to save her documents, photos, and the like. Have another machine (with a good antivirus!) scan the files to make sure they’re clean.
As far as data theft, yeah, it’s time to change all her passwords, especially her bank ones. You (or she) should call her bank and ask if they have preventative measures they can take. Many do. There are also some good identity protection programs that keep an eye on your credit reports, etc. so you get fast warning if there’s any untoward activity. I’d sign her up for one pronto.
I think you have to assume that a program has been installed to steal keystrokes and other financial login related info. She should unplug her cable to the Internet modem and start archiving any critical files she needs. She could try running a program that removes malware, but the nuclear option may be necessary to ensure that nothing is missed.
With regard to freezing her bank accounts due to her computer being compromised, I would have her contact her bank immediately and seek advice from them.
I’m glad you are all agreeing with me! Whilst computer savvy, I am not up to editing registries etc., so I am not equipped to try to fix this. I am going to advise them to take it to a PC shop to get a rebuild.
I am going to download photos etc to a compact disc now, with the wireless turned off on the laptop. My F-i-L is speaking to the cc companies and bank, so hopefully we can avoid much splash.
I would recommend replacing the hard drive. Take the old drive out, install a new drive and reinstall the OS onto the new drive. If the hacker installed a boot sector virus, it will be a major hassle to remove it. A boot sector virus is not removed by a reinstall. You would need to do a full overwrite format of the whole drive including the boot sector. If you don’t know how to clear the boot sector, get a new drive to be safe.
To back up files, pull the hard drive out and put it in an external drive. Once the laptop is reinstalled on a new drive, copy over the files you need.
I think the big issue is that they had access to her laptop, so the malware they install would be more insidious than what malware over the net would be. I would vote for nuke it from space. It’s the only way to be sure.
Yes. Each laptop is different, but it’s usually a matter of removing a retaining screw on the bottom and then sliding the drive out of the side of the laptop.
Just to add that this scam is usually to do a “fix” and then demand payment, rather than to install malware, so your parents probably don’t have to worry too much about that. I’d still nuke the thing though. The Guardian has been following the scam for a while:
I see no need to replace the drive. Every hard drive manufacturer has diagnostic software on their web sites that includes a utility to wipe the drive. All areas of the drive are wiped clean. I’ve been downloading and using them since the early 1990s. I keep Seagate’s software on my PC at work because I run into so many Seagate drives in my work.
Typically the utility will make a bootable floppy or bootable cd.
Then about three hours are needed to fully reinstall Windows and any extra software packages. The time needed depends on how difficult it is to find drivers. Dell makes it easy by grouping all the needed drivers under the model’s support page. Otherwise, you install Windows and then check Device Manager for errors. It helps a lot to have another PC available to search for the drivers.
Installing a new drive is pretty simple. Also, if it’s a SATA drive, buy a $15 USB to SATA cable. You can then plug the old drive in through a USB port and copy any data off of the old drive onto the new (pics, docs, etc.).
Do this while disco’ed from the internet, of course.
Wow. Good luck with this. I got a call from these people (or others just like them) a couple of months ago. I chatted with the guy for a bit, explaining that I didn’t believe his story, but that if he wanted to he could send me email explaining the problem. I never heard from them again.
This is nonsense. The boot sector (part of the MBR) isn’t magic and it isn’t necessary to replace the drive to remove a boot sector virus. Running fixmbr and fixboot (XP) or bootrec (Vista/7) with appropriate options from a Windows install disc will rewrite the MBR, even on an existing system. Repartitioning the hard drive (i.e. deleting all existing ones and recreating them) will also rewrite the MBR and so will a program that erases the entire drive, like DBAN.
You are speaking from the point of view of an expert. True, it’s not hard to clear the boot sector if you know what you are doing. But are you going to be on the phone with his in-laws to walk them through all these steps with fixmbr, fixboot, DBAN?
If you don’t know what you’re doing, it’s very easy to not clear the MBR. In a case like this where some hackers had total access to the laptop and the owners are computer neophytes, it’s much safer to not attempt to reuse the drive.