True. I work in book publishing, and the majority of the manuscripts are in Word. They end up being paged in InDesign, and I have macros to help with that process. Not too many Google Docs (thankfully).
Moderating:
Yes, there is still a lot of room for constructive answers to the OP. Let’s try to get back to that.
Thanks.
Just re-thinking my post. If you can, remotely, log out of his user account and into the admin account without him having to enter the password or do anything on his end, you’ll probably be okay. Some security settings may need to be tweaked, but you can still leave them all enabled for his user account.
Keep in mind, he’s 92 years old; it’s very likely that he may not fully understand what he can and can’t do.
I’m thinking this might not be a good idea. At least I, personally, wouldn’t copy files from an infected computer over to mine. You’re probably better off just copying them to a jump drive, cleaning the computer and then copying them back (if you need them).
Depending on what type of files they were, I might even consider setting up a Raspberry Pi that I can check them out with.
I’m going to assume that you’re happy to visit your dad, anyway, but this will be a fraught visit, not a relaxing thing.
Have you considered having him pack up his machine and shipping it to you, so you can have any number of low-pressure days to work on it, as well as the opportunity to consult a local expert?
Cheaper than airfare, too.
Dan
Er, if the hackers have access to his email, they can get up to a fair bit of mischief with any online accounts he may have. You don’t mention whether he does anything like that - e.g. banking etc.
I’d honestly suggest that you just get him a new computer. Whatever you get will be more powerful than what he has now, and you won’t have to worry about cleaning up any rootkits or other real nasties. A regular scan should take care of any data files you copy over, but regular antivirus will not always clean up a rootkit: my daughter managed to get one on the family computer, some years back, and whatever AV software we had didn’t find it. It did detect the various bad files the rootkit was trying to download, however.
Have you gotten the illicit payments stopped? If they are credit card payments, you can dispute them, and you’d want to close the account if not already done. If they are bank withdrawals, you need to get in touch with the bank.
I sympathize with the scenario. These scammers PREY on older people. I honestly think that my husband and I are just at the cutoff, age-wise, where people more than a few years older are very non-savvy, computer-wise, while we were at the very beginning of the age at which computers were ubiquitous. We could likely make a fairly nice second income if we lived in God’s Waiting Room (the in-laws have a local tech guy who helps out with computer issues - he seems reputable and knowledgeable enough).
My mother-in-law lost control of her email account a month or so back. It’s not entirely clear what happened - but there were some shenanigans with the bank account (some purchases from “Amazon”, which led to a refund from “Amazon” for MORE than the disputed amount, along with a very threatening email demanding reimbursement). And supposedly the computer itself got bricked around then - so she bought a new one, and started using a Gmail account.
It hadn’t occurred to her that she needed to regain access to her other email (bellsouth, now managed by AT&T). We tried to do that the other day, and all the recovery methods failed. I’m really concerned that the bad guys have been committing mischief.
Getting a new computer will not magically reset hackers’ access to your email and other accounts.
As for rootkits and viruses, I have consistently claimed that if we are dealing with real pros (which it does not sound like, or else we would not be having this conversation) then running a standard disinfection tool will not get rid of it, but it will get rid of a lot of crappy generic malware and is therefore worth a try, or, if everything is tidily backed up, you can always wipe everything out and re-install Windows (or macOS or Linux…) and restore your documents from backup.
Not sure I like this implied ageism implying that anybody over the age of 60 is a sucker—I have seen young people, I’m talking 25 years old, click on “click me” pop-ups. It could happen to anyone. And, on the other hand, some of the real OG hackers are pushing 90–95 or even more these days; they have forgotten more about computers than you or I will ever know, and even people like Guy Steele are almost 70.
It won’t recover email etc. - that’s quite true - but it would eliminate the issue of any tough-to-squash nasties.
Plus, if the computer is 10 years old, it’s likely running an outdated, unsupported version of the OS which is more virus-prone than a current version. And it’s likely incredibly slow.
Despite my complaints on this board, this has been going on unabated since forever here. The administration is sensitive to sexist comments, racial comments, and other slurs directed at protected groups, but older folks are fair game. End hijack.
The first day has gone well, much better than the worst case scenarios I had been imagining. But it’s been a long day, I’m about to go to sleep, so a full report will have to wait, perhaps until tomorrow evening or possibly Friday.
Thanks for all the help and suggestions.
Okay, all has turned out as well as could be expected.
First, the computer was not as old as I thought. I had forgotten that he had bought a new one back in 2018.
When I booted it up in safe mode, I found, as Dad had reported, that all of his data, principally letters, articles, and books he had written, had been deleted. Fortunately, an external HD I had set up some time ago had backups from sometime in 2020, so I was able to restore the vast majority of his data, which goes back to the mid 1990s. I copied it all to a thumb drive, and later scanned it with a new install of Norton.
I thought I might use Malwarebytes to find out what malware was present, but the download stopped at about 19%, and that plus a few other unusual happenings made me suspect the hackers had compromised the OS to prevent attempts to fix it. So I decided not to waste time trying to clean it up.
Since I retained a faint hope that it might be possible to recover some of the more recent deleted data files that hadn’t been restored, I chose not to wipe the original 1 TB HD. I removed it and installed a new 240 GB SSD ($37 at Best Buy), which is still plenty big enough for Dad’s purposes.
I installed Win 10 from media I had prepared, then installed Norton (including backup), Remote Utilities (which I use to provide support remotely), and the few apps he uses, and finally got everything fixed up to more or less the way it was before. We also changed all of his most critical passwords.
I was able to get everything done in time to catch my flight home (which was canceled for weather, so I had to take a train, but that’s another story), and I brought the corrupted HD home so I can try to recover those deleted files. I have an old machine I can fire up and use as a sandbox. I’m looking forward to trying out Tron.
Before anyone says anything, I know Norton is a resource hog and of dubious use in many respects. But I have a family subscription, have installed it on six other family systems, and find it relatively easy to use and effective. I don’t use all of its features (I tried out its password manager, but found it not user-friendly enough for Dad), but it suits our needs.
Thanks again for all the help and suggestions.
An addendum: the hackers attempted a few fraudulent transactions on Dad’s credit card, but Visa flagged them and sent him a new card. The deletion of his data may have been an attempt at ransom, although he never got an offer, or it may have been simple vindictiveness.
Sounds well, so congratulations. I think you did everything right, especially not investing too much time in trying to get rid of the infection, but installing Windows from scratch. It’s the better, safer and faster way in most of these cases.
I’m glad you were able to save so much. Swapping the hard drive sounds like a very good call. Unless the hackers were real assholes and did a complete shred (which they may have done) the data should be there.
Do they actually encrypt the data or merely the directory?
You are, of course, absolutely correct (I’m over 60, and have, so far, managed to NOT fall victim to a scam) but there appears to be ample evidence that the elderly IN GENERAL are a) more susceptible to social engineering etc., and b) are more desirable targets.
The average 20-something is certainly at risk. They grew up using computers and smartphones at the same time as the scammers grew up learning to exploit those devices, and I suspect many of them are just conditioned to click through on stuff without thinking too hard about it.
I don’t think there’s anything age-ist about being more worried about an elderly parent becoming a victim. This article mentions that many victims test just fine on tests of cognitive capacity.
My in-laws have been targeted by scammers on numerous occasions - the Microsoft scam, an IRS identity theft scam, some other scam a few months back in which the caller demanded gift cards, another recent one where someone hacked their bank account, “repaid” the money with some extra, and sent a very threatening email to convince them to repay the difference via gift card. So far, they’ve not gotten taken for anything - but they’ve tried very hard to fall for it (like when MIL argued with me that maybe the Microsoft thing was legitimate). And for the most part, if anything looks hinky, they contact us, at least eventually.
AND, they often don’t have the skills or knowledge to troubleshoot / account for the problems: MIL lost access to her email account because she has no clue what the password was, and her computer crashed… so she just gave up on it.
I don’t know if I’ll be as vulnerable to this sort of thing in 20 years. I hope not - having been part of the first generation where computers really were an everyday thing, I’d like to believe we’re a bit more aware of the problems. But who knows. Maybe in 20 years my son will be posting here venting about his parents getting rooked.
As I read that I was just thinking that I never mentioned (and I don’t think anyone else did) that when someone has a ransomware issue, I try to remember to bring a copy of Malwarebytes on a jump drive for exactly that reason. It gives you the ability to take the computer off the internet (if you want/need to) and still be able to install it. IIRC, Malwarebytes or one of the other malware removal programs could make you a boot disk (or a boot jump drive). That was helpful because it would give you a shot at some malware removal without/before booting up Windows.