Ask Slashdot: Rescuing a PC That's Been Hit By Scammers?
New submitter malcus writes "My father was hit by scammers the other day and even though he has handed over all computer service tasks to me they were able to sweet-talk him into: (1) Running some 'checks' to confirm the 'grave situation' that his computer was heading for (bad). (2) Start some remote-control program (worse). (3) Giving them his social security number (terrible). When they asked him for his credit card information he stopped and is now probably expecting them to call again. Meanwhile I have told him to dump the computer in holy water or aqua regia and cut the internet cable. I am heading over to his place later and wonder what measures I should take."
Bow your head and type "Format C:" Amen.
Same as for any other compromised machine.
What operating system? Also check what programs were run...and prepare for worst case: Reinstall.
Format it and start over. How is this news?
What else were you expecting?
Install a VM with a godawfully infected version of Windows 98 on it and turn them loose on it... for the lulz.
I had a client do this to his machine. He called an 800 number thinking they were the Yahoo help desk and they performed a similar routine. Oddly enough, they left no traces of their activity and there is no reasonable way to tell if there is an inactive trojan waiting to be launched in the future. Best bet is to copy off the data, wipe, reinstall OS.
Gotta backup your documents and reload, man. I wouldn't waste your time attempting to clean it.
This is why you have backups. Reinstall the OS, restore your backups and do not give him an administrator account this time.
Get him to change all of his passwords, especially banking passwords. Preferably from a network that hasn't seen the computer in question (and of course not on that machine). You know that they've executed foreign code, you have to assume that the machine is pretty much forever compromised.
Then don't forget eau de kathy lee...
Back up all the data and then re-install the OS from scratch. Before restoring the data, do a thorough threat scan on it, to make sure there are no nasties lurking in there. If the machine has been rooted, then you simply can't guarantee that anything else you do to clean it up will get rid of all threats. Hope that helps! (I missed a chance there to evangelise on Linux!)
In addition to the wipe and install suggested over 9000 times, your father needs a good talking-to.
It's the only way to be sure.
You rescue damsels in distress. If you rescue your computers, you've been in the basement for too long. What kind of relationship exactly do you have with your computer?!?
Everybody's going to tell you the obvious right answer. You wipe the box and start over with a clean install, fully patched, with a firewall and AV. Anything less is really just asking for whatever happens next.
Subsequent to that, you need to have a serious talk with your dad about sharing control over his finances with someone trustworthy (you, maybe). If he's handing out his social security number to any random nutjob who calls him, he's going to give away his life savings to some scammer someday. The time to prevent that is now, not later. I am seriously planning to do that myself, that is put something in place so that when (not if) I'm no longer competent to handle my own affairs, my kids will have the legal ability to seamlessly keep me from bankrupting myself. I have decades before this needs to happen, but the time to do it is when you are of sound, not failing, mind.
I'd also look into putting a fraud warning on his credit report with all three credit bureaus. I'm not going to pretend that's something I know much about, so research it and confirm for yourself what good it will do and what harm before you act. I do think you want to limit the ability of any random goofball who knows your dad's SSN and name from opening credit in his name.
Disconnect the PC from the internet, so it's only useful for Word/Excel and maybe Turbotax.
Get him an iPad for day-to-day web surfing.
Unless he's a real gamer or his bank is from the 19th century, this should solve most of his problems.
After booting a Linux live CD, your choice of cleaning, reformatting or installing Linux. Within the Live CD session, there may exist rudimentary tools to scan for malware, but mostly you'll be able to mount the old disk and rescue data off to a USB key or disk. Once your data has been rescued, make a full reformat/reinstall of your choice OS.
This is what you need to do:
dd if=/dev/zero of=/dev/sda bs=4096
I find writing in 4KiB chunks performs slightly better than the default 512 bytes.
Or:
shred -z /dev/sda
Or:
Download and burn DBAN then type AUTONUKE at the prompt.
If there is any data that is hard to lose, you may wish to back it up. You may consider it all as suspect, however.
Boot from a flash drive with another OS, back up anything important, format, reinstall.
Try one of these: http://www.pendrivelinux.com/category/new-usb-linux-tutorials/
Be sure to bring your Ubuntu or Fedora CD.
Combofix, believe it or not, specializes in removing all forms of remote control software. Most people don't know that. In fact, it will even destroy gotomeeting related files whether you want it to or not :-P Also, any system setting viewer like even the ancient HijackThis will list all LSP and protocol changes and all startup entries and all browser plugins. Just get rid of anything you can't identify or that google says is a remote control viewer. If malware scanners can't pick up anything bad, a system restore will definitely destroy any legitimate remote control software so between the two, you should disable any control they had.
So, reset all passwords for all significant accounts, add a fraud alert to his credit report or add a third party lockdown solution like Lifelock (even though I hate them) and you should be set.
Is there a reason your father MUST be on Windows? Is he primarily browsing and using office productivity applications? If he does not have specific requirements (such as gaming, high end graphics/video production, etc.) then he should not be running Windows to begin with.
Get thee to Linux Mint, good sir, and do have that son to father talk regardless. Giving out personal info to strangers is insane.
Computer related items would be better served if we had more info, so here's a few suggestions otherwise. Have your dad (or you) monitor his credit reports to keep an eye out for new accounts that open and charges to his credit card/bank accounts/etcetera. If you feel that something might have been opened against his will, make sure he gets his credit frozen (How to) and closes the affected account if there is one. I've never taken stock in monitoring services personally, but this may not be a bad situation to hire one.
Also watch his mail for anything that looks suspicious, such as credit card informationals. The worst thing that can happen is somebody running up a criminal record using his info. It's not common and somewhat hard to pull off, but it could be painful.
The Consumerist (linked above) also has tons of other info you can use about this stuff.
For those who seek perfection there can be no rest on this side of the grave.
Don't quit your day job, Cicero.
Here we go YET again.. WHY do people seem to think that this number is some kind of "password" or private in ANY MANNER?! IT IS NOT! IT IS PUBLIC INFORMATION, AVAILABLE TO ANYONE! It's a "public key" if you will -- NOT any form of verification/security. It's the ID -- not the proof! For fuck's sake. Idiots.
Use a Linux CD to recover the personal data, then wipe and reinstall. This is the only choice.
Do you think your father could do everything he needs by using desktop Linux? If so, you could consider switching him to Ubuntu or some other distro. This could be a good turning point as you need to wipe the machine anyway.
Failing that, you need to treat the entire system as compromised, because it probably is. Do the following:
Bring a Linux live CD and an external hard drive. Boot ONLY into Linux, copy necessary files (documents, photos) over to the external hard drive.
Wipe the computer and reinstall everything from scratch. EVERYTHING. DBAN is your friend here. In fact, if he needs a bigger hard drive anyways, do that - just get a completely new hard drive.
Restore his data files from the backup you just made.
Yes, it's a pain, but at this point the system could contain something that anything short of this wouldn't clear out. (In fact, it's *possible* for malware to make it through even that, but AFAIK those are still just research demos, not in the wild).
Please do not simply wipe and re-install. That is most likely the ultimate solution - i.e. in my dad's case the con men had deleted required windows files, and even booting into the recovery partition failed to restore the disk.
However, before you go ahead with the re-install, do yourself a favour and boot into a Linux live CD. You can then mount the Windows file system, and copy any data needed to an external drive or cloud service. (At least in my dad's case, there was no backup available, so this approach allowed him to save some files.)
Once files have been backed up you can then proceed with the wipe and re-install. A good time to encourage the victim to give Linux a serious try. My dad is mighty happy with his "new" Linux machine and claims it runs much quicker than it did using Windows.
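The live-CD rescue described in the post above, as an added example that is not part of the thread: mount the old Windows partition read-only with noexec so nothing on it can run, copy only data files (anything Windows would execute is refused), and write a SHA-256 manifest so the copy can be scanned on another machine and checked for tampering before any of it is restored. Device names and mount points are placeholders; the script assumes Linux with the ntfs-3g driver and GNU find/cp/sha256sum, and the test exercises it on plain directories rather than a mounted disk.

```shell
#!/bin/sh
# Added example, not from the original post: copy documents off a suspect
# Windows disk from a Linux live USB without ever executing anything on it.
# Assumptions: Linux, ntfs-3g, GNU coreutils/findutils. Paths are placeholders.
set -u

# mount_old_disk PARTITION MOUNTPOINT
# ro: never write to the old disk; noexec/nodev/nosuid: nothing on it can run
# even if you double-click it by accident. Needs root; not called by the test.
mount_old_disk() {
    mkdir -p "$2"
    mount -o ro,noexec,nodev,nosuid -t ntfs-3g "$1" "$2"
}

# is_blocked NAME -> 0 when NAME has an extension Windows would execute.
# Office and PDF files are not blocked: they are data, but they can carry
# macros or exploits, so list_scan_targets flags them for an AV scan instead.
is_blocked() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *.exe|*.dll|*.scr|*.com|*.pif|*.lnk|*.js|*.jse|*.vbs|*.vbe|\
        *.bat|*.cmd|*.ps1|*.msi|*.hta|*.jar|*.cpl) return 0 ;;
        *) return 1 ;;
    esac
}

# rescue_files SRC DST
# Mirror the directory tree of SRC into DST, skipping blocked names and
# reporting each skip on stderr. Filenames containing newlines are not handled.
rescue_files() {
    src=$1; dst=$2
    mkdir -p "$dst"
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_blocked "$rel"; then
            printf 'skipped executable: %s\n' "$rel" >&2
            continue
        fi
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel"
    done
}

# write_manifest DST: SHA-256 of every rescued file, sorted so two runs over
# the same tree produce the same manifest.
write_manifest() {
    ( cd "$1" && find . -type f ! -name MANIFEST.sha256 | LC_ALL=C sort \
        | while IFS= read -r f; do sha256sum "$f"; done ) > "$1/MANIFEST.sha256"
}

# verify_manifest DST -> 0 if every file still matches the manifest.
verify_manifest() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 )
}

# list_scan_targets DST: document types worth an AV scan before restoring.
list_scan_targets() {
    find "$1" -type f \( -iname '*.doc*' -o -iname '*.xls*' -o -iname '*.ppt*' \
        -o -iname '*.pdf' -o -iname '*.rtf' -o -iname '*.zip' \) | LC_ALL=C sort
}

# count_rescued DST -> number of rescued files, manifest excluded.
count_rescued() {
    find "$1" -type f ! -name MANIFEST.sha256 | wc -l | tr -d ' '
}

# Usage from the live USB, as root:
#   mount_old_disk /dev/sda2 /mnt/old
#   rescue_files /mnt/old/Users/dad /media/usb/rescue
#   write_manifest /media/usb/rescue && list_scan_targets /media/usb/rescue
```

The extension check is deliberately case-insensitive and applied to the whole relative path, so Invoice.PDF.exe is refused while report.pdf goes through and lands on the scan list; the manifest lets you prove later that what was scanned is exactly what gets restored.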
Boot From System Recovery Disk
Backup data files to DVD
Reinstall BIOS
NUKE MBR
Zero the hard drive
Reinstall everything.
-or-
Boot From System Recovery Disk
Backup data files to DVD
Zero Hard Drive
Put Computer in Trash
could do with a new car and a holiday.
One could think that hiring another father is a bit overkill solution...
Backup first, preferably disk-to-disk low-level copy so you preserve the state of the machine. Buy or bring a disk with the same capacity or bigger than what he already has. Use something like clonezilla to make the copy. Assume the backup *is* contaminated. Do *not* mount the drive on a machine with the same OS. Retrieve document files using a different operating system from the one your Dad's machine was running, scan those files until they are squeaky clean. Restore only what is absolutely necessary. Keep the backup handy for when (if) you talk to the police and/or bank.
An alternative approach rather than backing up and nuking the original disk would be to leave the original disk untouched, simply take it out of the machine, swap in a new/clean one, and start the reinstall from scratch. This would get your Dad up and running again and let you explore the original disk at your leisure, again not from a machine running the same OS. You don't say what system your Dad is using, but if it is a Windows machine, you could run a linux machine and explore the disk relatively safely after mounting the ntfs disk read-only.
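The disk-to-disk copy recommended in the two posts above, as an added example that is not part of the thread: image the old drive with dd before touching it, record the image's SHA-256 for the police or bank, and prove that the image actually matches the disk. Device names are placeholders; the script assumes Linux with GNU coreutils and util-linux, and the test runs it against a regular file standing in for /dev/sda.

```shell
#!/bin/sh
# Added example, not from the original post: forensic image of the old disk,
# with a recorded hash and a read-back check. Assumptions: Linux, GNU
# coreutils (dd, sha256sum, stat, head), util-linux (blockdev, mount).
set -u

# device_size DEV -> bytes (block device or regular file)
device_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else stat -c %s "$1"; fi
}

# image_disk DEV IMAGE [BLOCKSIZE]
# conv=noerror,sync keeps dd going past unreadable sectors and pads them with
# zeros so offsets in the image still line up with the disk; the record counts
# in IMAGE.log show whether that happened. IMAGE.sha256 records the hash.
image_disk() {
    dev=$1; img=$2; bs=${3:-4M}
    dd if="$dev" of="$img" bs="$bs" conv=noerror,sync 2>"$img.log"
    sha256sum "$img" > "$img.sha256"
}

# verify_image DEV IMAGE -> 0 if the first device_size(DEV) bytes of IMAGE
# hash the same as the disk itself. conv=sync may have padded the last block
# of the image, so only the disk's own length is compared.
verify_image() {
    size=$(device_size "$1")
    a=$(head -c "$size" "$1" | sha256sum | cut -d' ' -f1)
    b=$(head -c "$size" "$2" | sha256sum | cut -d' ' -f1)
    [ "$a" = "$b" ]
}

# image_hash IMAGE -> the hash recorded at imaging time, for the paperwork.
image_hash() { cut -d' ' -f1 "$1.sha256"; }

# check_image IMAGE -> 0 if IMAGE still matches the recorded hash, i.e. nobody
# (including you, by mounting it read-write) has altered it since.
check_image() { sha256sum -c "$1.sha256" >/dev/null 2>&1; }

# mount_image_ro IMAGE MOUNTPOINT OFFSET_BYTES
# Browse the image read-only from Linux, never from a Windows box. The offset
# is the partition's start sector times 512, from "fdisk -l IMAGE".
# Needs root; not called by the test.
mount_image_ro() {
    mkdir -p "$2"
    mount -o ro,noexec,nodev,loop,offset="$3" -t ntfs-3g "$1" "$2"
}

# Usage from a live CD, as root, with a larger external drive on /media/ext:
#   image_disk /dev/sda /media/ext/dad-disk.img
#   verify_image /dev/sda /media/ext/dad-disk.img && image_hash /media/ext/dad-disk.img
```

Keep the .sha256 and .log files next to the image: the hash is what you hand to anyone who later asks whether the evidence was altered, and a non-zero error count in the log tells you which image regions are zero-filled padding rather than data.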
I have to deal with this from time to time, and working in a security organization has taught me to NEVER trust a system after a compromise of ANY kind.
Think you can just run the already installed antivirus on all files and catch it? Unfortunately, no. Malware can hook into the antivirus itself. I found this out the hard way (in particular, during an exercise with some DoD participants. They did that the first day and were just toying with us at that point. Imagine someone who actually cares about getting your private data).
It can also affect the boot-loader, which means if it hooked into files an antivirus can scan, it will still load at OS start up into memory.
Run an up-to-date anti-virus scan on the drive from an independent source, such as hooking it into another machine (with that machine set to scan all drives before mounting them).
Malware can attach itself to media files, word files, etc. If those check out by an independent scan, back them up to a disk.
Then, wipe the old drive and re-install the OS (if it's Windows 7 and a machine with no disc, you can download the ISOs online as they are from Microsoft. You'll still need the product key which should be on the side of the machine).
Hope this helps ya.
fuck off and hire someone who knows what they are doing asshole.
Did daddy piss in your Wheaties this morning because mommy was spending too much time in the bathroom?
What many of these scammers do is surf the hard drive for login information for financial institutions, bank and credit card numbers, and anything else they can get to commit financial fraud.
Call and write letters to the credit bureaus, your banks, and every other financial institution one does business with.
And keep a sharp eye out for shenanigans and don't pay any bill that's not yours.
File a police report. The cops won't do anything, but at least you'll have something to fax the debt collectors who may be calling.
It sucks but it's up to the victim to clear their name as best as they can.
The banks and other financial institutions just write off any losses and pass on the costs to the rest of us in the form of higher and more fees.
The other thing they do with the information is create phony IDs for illegals, get medical care for folks who can't pay, and various other things that require an ID - all in the victim's name and SSN. Folks have been arrested in the past because of someone else using their identity to commit a crime, the warrant goes out, and then the victim gets their license plate scanned by a cop, pulled over and taken to jail.
Have fun with that.
2. Have him save all his data to a cloud service.
3. As for the data on the hard drive, consider it all suspect. Only read it on a readonly environment such as Knoppix or other live Linux CD. I'm sure there are online virus scanners out there (Panda was one I used a couple times several years ago - are they still going?) that can be used to scan individual files, which can then be moved to flash or online storage.
4. Microsoft Windows should be considered a niche platform.
Operation Guillotine is in effect.
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline Download it on another machine, boot with it and clean up the mess. I will recommend installing the free Microsoft Security Essentials, and avoid using administrative login. Also not using any browser plugins will help as well.
1. Backup
2. Quick format
3. Re-install
4. Restore data
5. Place phone on floor
6. Don heavy boots
7. Render phone unusable
Firstly, make sure you are prepared to explain to your dad that this is not your fault; you may want to borrow the car at some point in the future.
Secondly, take the old hard drive/s out, put a brand new drive in (Make it an SSD why not) and reinstall
Thirdly, create a limited privilege user for your father, to protect him from himself.
Finally, install AV, firewall & easy to use remote control like teamviewer to help your dad out when he calls
It's the only way to be sure.
Seriously. Assuming a Windows PC, run the Easy Transfer wizard and back up his files, and while formatting and reinstalling his machine, virus scan his user files to make sure no nasties are making the trip to the fresh environment.
Lots of good advice so far, but one more item -- since your father has turned sysadmin tasks over to you, once you wipe and re-install, set up his account on the computer so that it is a restricted user account, not an admin account. If he isn't doing sysadmin tasks then he doesn't need the privs and this limits the amount of damage that a scammer can do to the computer. (Although getting his SSN and other info is still really bad.)
--Paul
1) Boot from a DVD (non-writable drive) and back up the hard disk. NO APPLICATIONS!!!
2) Then format and reinstall.
3) Reset router firmware.
4) Reset any and all passwords from a secure terminal (your boot disk should be sufficiently secure if you force https).
5) Monitor your local credit record, bank accounts and such with a fine-tooth comb for the next 6 months.
I can't believe no one has recommended a credit freeze:
http://en.wikipedia.org/wiki/Credit_freeze
really? And you're worried primarily about the state of his computer?
He should be spending some time on the phone with his credit card companies making sure any security features they offer are fully activated, such as enhanced (not easily guessed based on what was on his computer) security questions, subscribing to a few years of identity theft watch, schedule regular pulls of his credit report watching for new plastic, checking accounts, and loans in his name, etc. The ssn by itself has some limits on abuse, but combined with the information on the hard drive (mother's maiden name, address, workplace, etc) it greatly magnifies the risk because it's going to allow additional verification of identity that a lot of places require.
After that, get him a book or something on how to be less of a sucker on the internet and in the world in general, or he'll just do it to himself again.
This could hound him for years to come. Make sure he understands that. If someone DOES manage to take out say, a loan or a card on his ssn, he needs to deal with it swiftly and decisively. Banks and similar organizations are notorious for not wanting to be the fall guy in cases like this, and will often try very hard to stick your dad with some or all of the bill. Don't be terribly surprised if something requires a lawyer to fix or clear off his record.
Back up just his data then blow away Windows entirely and upgrade him to Linux.
Not only is Linux more secure than Windows anyway, but if his recovered data includes places where viruses can hide (such as any Microsoft Office files or PDF files) then they most likely wouldn't be able to do harm or even run in that environment either.
1. Get a new PC
2. Get a new Dad
My old man did fall for some scareware. They updated the BIOS to only see 512 RAM, disabled boot to CD, etc. They were very good; all my old go-to tricks were disabled. I had to boot a second box to a VM and slave the drive to the VM in order to be able to format the drive w/o infecting the other drive. They are getting very very good.
You can setup alerts with equifax and experian here:
equifax
experian
Of all the people on the internet, i would have expected the Slashdotters to know what happened to this individual.
The issue is very simple. As of late, people are getting cold-called by call centers from Singapore, claiming to be from MS, and that they have discovered your machine to be infected, and ask you to run a simple check to prove the problem exists ( With heavy exaggerating ).
http://www.youtube.com/watch?v=jb69H7l0vJA
This is a good breakdown what these people do.
TL;DR - They tell you to run Event Viewer, then use legitimate third party remote access tools to lead you into the scam of having you pay for something nonexistent.
These people are too inept to install keyloggers, trojans, or any other kind of malware. If you want to be sure, certainly do what others have suggested, but in this case, I suggest putting more of your attention to making sure your identity ( and hard earned money ) are safe instead.
This has been very common in Australia. It seems they are still doing well in the US.
Should you keep his PC. Do the following.
1) Use some strong snips to cut the cable on the back of the PC called LAN. If he has a wireless router, throw it in the garbage.
2) Get Linux from a clean machine and make install CD
3) Install Linux over his Windoz
4) Change his telephone number
5) Unlist his name from the telephone book
He should be good to go
and nuke the entire site from orbit. It's the only way to be sure.
it's the only way to be sure.
dd if=/dev/zero of=/dev/sda bs=1M
If you have to ask that question here, you should hire someone who knows what they are doing.
I went through a similar thing with my mother ("Microsoft" called and told her she had a lot of viruses; she let them remote into her PC and only put on the brakes when they wanted a credit card for the $200+ "virus protection" they were offering). How do we manage older or unsavvy people like this? Should there be some sort of Parental Controls for Parents? Even as I was trying to fix her computer, she kept asking questions like, "What should we do about the viruses that she said are on my computer?" I couldn't get through her head that this was a SCAM, and it wasn't much different than someone coming to her house, pawing through all her drawers and personal items, then demanding money to protect her from non-existent dust bunnies. Everything the "nice Microsoft lady from India" said was a lie, Mom. Really. My mother isn't stupid or in any way demented, but she has no online savvy and therefore doesn't understand what I consider common sense.
How do you handle this and still provide an easy-to-use, low maintenance method for parents to check email, print coupons, look at grandbaby pics, and all that stuff?
According to Microsoft's 10 Immutable Laws of Security, "it's not your computer anymore" and you need to revert to a known-good state. This generally translates into a complete restore from backups or a reinstall. If you have a spare drive, it's probably easiest to just save an entire image of the bad drive (just to make sure you don't lose anything) and do a complete wipe. You can recover any needed data from the backup image (just be careful not to actually run any apps from that backup). A current AV installed on the fresh rebuild may be able to help remove some of the junk from the backup image as well, just make sure it doesn't accidentally "clean up" anything important. That should fix the PC itself, but there are other things you may want to consider as well (as suggested by others here).
Your dad may need some training/assistance regarding finances and private info. You'll want to reset any accounts that were accessed via the tainted PC (and any others you think could have been compromised by the infected PC). If he doesn't specifically need Windows, changing to Ubuntu or similar can inherently stop Windows-specific malware (including crap from well-meaning but incompetent remote techs, e.g. unnecessary software from the ISP). I set a previous girlfriend up with a laptop running Ubuntu, and was able to find Linux versions of pretty much any app she needed for what she wanted to do (web browser, office suite, iPod software, etc.). Linux may not do everything he needs, and it won't stop phone-based social engineering, but it can go a long way to help against malware.
Why is giving out his SS number such an awfully bad thing? From what I've read, it's no secret, but rather the contrary. It's just misassumed that the SS number should be secret.
Well, it sounds like you're going to be doing the Microsoft Song and Dance. Fdisk - Format - Re-install, Do Dah Do Dah... It's the Microsoft way. The ONLY way to be 100% sure it's gone is to do a FULL system wipe and re-install of everything. This IS WHY I use Linux... Linux IS easier and MORE robust and definitely MORE secure than Windows. GOOD LUCK. Defiantone64
So.... what happens when these scammers call someone who actually knows something about computers, or runs a Macintosh, or run Linux? Or are these scammers only targeting retirement communities, because an awful lot of people these days are computer literate. And many kids aren't even running PCs anymore, they are using tablets.
There's (at least) two sides to this:
Personal:
Credit agencies: So, this is a tech site, but before getting down-and-dirty with trying to fix his computer I would strongly suggest contacting the credit bureaus and put a hold on things. This will protect him from someone trying to open a new credit account in his name.
Credit cards and Banks: Depending on your level of paranoia, have him contact his credit card companies and banks and ask them to issue new cards. Of course, that may in turn require updating any pre-authorized billing he may have set up.
Authorities: Consider contacting the police and/or your Attorney General. They may be interested to hear a report of this.
Technical:
Forensics. If there's any question about needing to retain documentation about this, consider pulling the compromised drive and storing it. If access to existing data is necessary, put in an external enclosure, mount it read-only under Linux, and copy data from it.
Passwords: change passwords on all on-line accounts from a non-compromised system.
History: Look in whatever history information you can get. Take a look at his browser history, firewall log, command line history, registry, etc. This may help you to assess what level of damage you're dealing with.
Clean or Fresh? One can probably get away with formatting the drive and reinstall. But, in full paranoia mode, have him buy a new PC (cost of this provides reinforcement of prior warnings that were ignored.) Restore data from malware-scanned backups or from read-only access from pulled drive. I've read reports about malware hiding in USB keyboards and printers, so a reformat and restore onto the original machine may not be sufficient.
Family:
Possibly the hardest part of this is the fact that you're dealing with a parent. They were (hopefully) patient when you were learning all about the world as a child. It's helpful to try and bring an attitude of patience and tolerance to this situation. Let him face the consequences of his actions by having him make the phone calls to banks, credit agencies, etc. Let him pay for the cost of a new drive or PC. (Negative reinforcement) But also thank him for being honest with you about what he had done. Better this than to find out later he'd been scammed out of thousands of dollars because he was afraid to tell you what he had done. (Positive reinforcement.)
Finally: good luck!
MS even recommends reinstall, but with BIOS viruses now, I'd go further.
Get a new Internet device, preferably a tablet.
If going cheap, new hard drive, BIOS update, and Ubuntu Linux.
But work on the identity theft discussion. Find a class on this stuff for him. Go to the bank & get their fraud protection (if not for this, for the other thing he did you don't know about).
I hate to say it... but it sounds like:
A serious case of gullible
Possibly caused by senility, alzheimers, dementia... whatever.
I've seen this before with loved ones losing tens to *hundreds* of thousands to:
European lottery scams
The catholic church
Land sales to construction companies that only had to pay when the houses they built sold, and with a backdoor default if it took more than six months, or was not at some outrageous profit.
Once they bit on the lottery scams, every place in the world knew they were an easy mark, and tens of thousands started moving very quickly.
There is no recourse.
None of my grandparents would've done this crap in their prime, but when they broke 75-85...they did...unspeakable things with their lifetime earnings.
The advice to format is correct. You need to:
1) Unplug the computer and promise you'll deal with it. This is
2) Sit down and ask to have a very candid, very personal talk about their finances.
This will be incredibly hard for people from a previous generation used to independence, and likely seen as a breach of autonomy. If things aren't well enough organized to quickly scan the past six months...it's a likely sign of other problems.
Depending on what you find, you may need to place credit watches, cancel credit cards, or request power over finances.
If you're lucky, you can apologize, tell them you love them, and were just concerned by their momentary lapse in judgement.
I get that doing this may be incredibly hurtful, and I dread doing it to my parents some day. But I wish they had done it with the grandparents sooner -- there's no words for how much some of this hurt their surviving spouses, or the trouble it could have caused. One of them was actually paying 'taxes' to some conflict region of the world...
Lubuntu, thanks!
No one will ever know how much ongoing Medicare fraud takes place after old people naively give out their SS# over the phone to strangers. It's also their Medicare number.
The computer part is easy. I would worry more about your dad giving out his SS. My mom got her SS stolen and we put a credit freeze on her file. I had to pay $10 to each credit reporting agency, but that stopped the thieves from getting too many credit cards. They did manage to get a Macy's CC.
First smack him upside his head. He really needs it.
Have him talk to his bank(s) immediately, freeze his accounts.
Next have him get a hold of every credit reporting agency and tell them to put a stop on all Credit checks immediately and inform them that he does not wish to have unsolicited credit card applications sent to him. This will prevent a scammer from opening a new credit card in his name in the future.
Call all of his Credit card companies and have holds put on his cards.
Go to SSN office immediately and change his SSN, and explain what happened.
Speak with every credit card company he's ever dealt with, and tell them to change his credit card number, explaining Fraud and report to them the new SSN if they have to have it.
Talk to someone for each stock trading account he holds.
Talk to a credit lawyer about how to minimize further damage.
Get a shredder to shred all documents with SSN or Credit card companies offering credit.
Once you've helped him through all that, smack him upside his head again for good measure.
You have a very busy year ahead of you to help your father get through this crap.
Good Luck
Unless you know exactly what the scammer did I don't think you can assuredly undo the damage. A format + reinstall really is the only 100% guaranteed thing to do the trick. And be sure to change all the passwords.
IMO the bigger problem is the social security number. He needs to setup fraud alerts with the credit reporting agencies. http://www.usatoday.com/money/perfi/columnist/block/2005-03-28-ym_x.htm They have links to do it for each of them.
A hacker (or spammer) with access to the PC is probably only a minor inconvenience in the scheme of life; identity theft could be devastating for years to come!
As far as the computer goes, many have already answered that a format and reinstall of the OS is a good cure, and really isn't very hard to do.
Here is an explanation of what to do if your SSN gets compromised, courtesy of the Federal Trade Commission.
Disconnect the machine from the internet. Using a clean machine, download a copy of Linux & UNetBootin. UNetBootin will create a bootable flash drive from an iso file (the downloaded Linux OS). Install Linux on a flash drive (I personally recommend Mint). Boot the infected computer from the Linux USB drive & back up any data you wish to save to a flash or external HD. At that point you should be safe to wipe the machine and start over. Or better yet, wipe the drive and install Linux as the main OS.
okay
A. On your system:
1. Download WSUSOFFLINE and build a patch set.
2. Download (but don't run) http://ninite.com/.net-7zip-air-chrome-firefox-flash-flashie-foxit-java-pdfcreator-shockwave-silverlight/
B. At your father's house:
1. Disconnect the router.
2. Wipe the hard drive and reinstall Windows (you do have a record of the key, right??).
3. Run the WSUSOFFLINE update installer.
4. Do whatever other settings fixes you need to (enable Windows Defender??).
5. Reconnect the router.
6. Run Ninite.
7. Spend the time Ninite is running explaining things to your father.
8. Run Firefox and install AdBlock (or do the same to Chrome).
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Scrap the computer. If you are not among the world's top 1% of computer gurus, DO NOT WASTE YOUR TIME TRYING TO FIX THIS MACHINE. It is as likely as anything to infect the tools you use to fix the problem.
Tell your father he should hand people his wallet and then soak his head in a bucket of water for 24 hours before he gives anyone a social security number.
You can now both enjoy scouring his credit reports several times a year for the next decade in hopes you'll spot the financial fraud perpetrated with the sensitive information he already gave out.
In short, your father totally overstepped all bounds of sensible behavior. Do not get in over your head.
Actually... whichever, just set up a separate /home partition from /, so it's easy to toss on a different install later without losing their stuff.
WHOA WHOA Wrong Order....
....his insurance.... ...credit rating agencies... ...defensive strategies... ....
The blatant identity theft is a ticking time bomb that will not be easy or painless to redress (especially for someone who readily handed over an SSN for ANY reason)....
The computer can sit there (off) just fine while you stop the bleeding.
1. OBVIOUSLY keep computer not only offline but OFF & OFF-SITE (who knows what he might try to do with it).
2. HELP YOUR FATHER start protecting himself with his....
3. banks....
4.
5.
6.
30. THEN look into addressing the computer problems.
Car analogy:
"My father hit a tree at 50 miles an hour and appears to have a broken collarbone and a punctured lung.... I'm heading over to investigate... Does anyone know if I can use my own AAA membership to get the car towed or should I have my own mechanic work on repairing the vehicle's front end?"
Someone who comes to me with their tech problems got suckered by this one. But luckily the person is quite stubborn and regularly ignores me so they ended up telling the scammers that they were doing it wrong and did it their own way. The only thing that was changed was the default home page which this person translated as installed a virus.
The big danger here is if they have enough info to open new lines of credit in his name. With the SS# and whatever they gleaned from his computer, they might. A security freeze will prevent anyone else from accessing his credit report without his express authorization. He'll have to contact TransUnion, Experian, and Equifax each, and directly. I think they waive any fee if he's over 65.
Good luck with that.
Many of us who have parents who are getting a little older have to deal with this kind of stuff. They're often not very computer savvy, and don't have the natural paranoia many of us have developed.
But they're going to want to maybe run tax software, the software for their camera, maybe run Office, maybe sync their eBook and a few other things. They're not going to be interested in running Linux, because the first thing they try to install that doesn't work they're going to be pissed off. I wouldn't foist Linux on my parents, and having seen the software they use, Linux wouldn't really be suitable for them. Because they do just enough as to make Linux more trouble than it's worth: there are things they need to do you can't do on Linux at all, and other things for which there is a piece of software which does most of what you want, but not all of it.
When my parents got their PC a couple of years ago, I sat them down and explained to them how you shouldn't always trust the internet, you definitely shouldn't trust someone calling you out of the blue claiming to be ... well, anybody really unless you can confirm it, and that I live sufficiently far enough away that being their tech support isn't practical. So they really needed to take to heart the risks.
Once I'd impressed upon them just how serious I was and what could go wrong, they then went forth with an understanding that they need to keep their wits about them. They've learned to be wary of unsolicited calls, and never to discuss any of that stuff unless they initiated the conversation with a number they verified from an official location.
Have you met any older people? I'm talking anywhere between 60 and 90. Many of them simply never developed the kind of watchfulness we have, and impressing upon them how important it is.
My great aunt in her late 90's fell for a couple of scams here and there (chump change, really). The problem was that somehow they figured out that if they could imply they were from her church then she'd be likely to open her wallet to them.
It's, for lack of a better word, that they're not sophisticated/worldly/cynical enough about people. Given how often I get calls from people claiming to be all sorts of things, I can completely see how someone who is in their 70's just doesn't realize not to trust someone by default. If you grew up in a rural area, or grew up before TV ... that level of distrust is just not natural to you.
Even a lot of the media targeted towards seniors try to give good coverage of the issues here. But you'd be surprised at how many older people really don't know what we consider to be fairly basic stuff.
Hell, I've gotten to the point that if I don't immediately recognize the phone number, I simply don't answer since most of my incoming calls are fraudulent. It's just like spam, cast a wide enough net, and even if you only get 1% response, it's pretty lucrative.
But it's actually quite difficult to really get all of this through someone's head.
Lost at C:>. Found at C.
Photos, unfortunately, have been used as re-infection vectors.
I imagine that passing a JPEG photo through jpegtran, a tool for lossless rotation, flipping, and remultiplexing of JPEG images, would strip out any format oddities through which a photo file can reinfect a computer. What viruses are you talking about that reinfect a host through JPEG images, and did the reinfection vectors survive jpegtran?
Get a good Live Linux CD, move data to portable HD, then reformat system with Lubuntu
or another LXDE based distro...
Oh, can format and totally reinstall windows if you want, then dual boot to LINUX, but
only run LINUX on the internet.
Don't forget to wipe the router back to default values, as it might have a drive-by DNS on it that you will not see on the PC.
And set up router then with complicated user name and password (router manual will show how to get it back to default).
bring a new hard drive with you. Your father should first change all his passwords. You install Linux on the new drive (enable ssh for remote administration). Mount the old windows drive as read only and leave the task of retrieving his data to your father.
I don't think it's safe for your dad to handle the highly pure nitric and hydrochloric acids required to make aqua regia. And don't bother with holy water, it's just regular water that's been given a look over by a professional schizophrenic.
I would recommend that you purchase a high-end 3D printer, with which you could print all the parts required for a rocket and high orbit ion cannon satellite. The design of those things is outside the scope of the present instructions. Once that's done and put up in space, you'll want to make a GUI in Visual Basic to trace the scammers' IP addresses; don't forget to resolve their 7 proxies. Geolocate their street address from their IP, identify their mobile phone subscription using the street address, triangulate the mobile device of the culprit, and fire away with your ion cannon which will have hopefully charged up by now. Aim for the head, this will neutralize the scammers even if they happen to be zombies.
If so, the simplest thing is to put the computer back in the box and take it away.
http://cheezburger.com/4390392576
Nuke it from orbit - it's the only sure way. I'd recommend any decent Linux distro..
Organization? You must be joking..
I read an article where a security expert got one of these cold calls and decided to play along with a VM to see what they would do. In the end their scanner didn't install anything malicious and the remote connection was only used to try to convince him to pay them to fix problems that didn't exist. Any damage done to the computer would have been coincidental due to the scammers' incompetence and not from malware or other malicious programs.
Bring a live-recovery distro on CD, the new hard drive and an external USB drive large enough to cover the files you want to copy off the old drive.
Boot the system with the live CD; the USB drive should be formatted with a FAT32 or exFAT filesystem. Plug it in, copy the entire drive over to the USB drive.
When that is done, shut down, disconnect the USB hard drive, install the new hard drive, power up, load the Windows install/recovery CD or DVD, and install the OS from scratch.
Install a good set of anti-virus, anti-malware, anti-spyware software. Everyone has their favorites. My personal triumvirate is Comodo IS with SUPERAntiSpyware - both free, both running online all the time - and Malwarebytes for weekly scans.
Patch that OS to latest.
Now, reboot with the live recovery CD, reattach the USB drive, and copy over the files you want to the system - make a directory off of the root called recovery or something, place all the files there. Do NOT copy the entire hard drive. Normally, I would copy anything under the users area - favorites, documents, music, photos, etc... - I also normally copy each directory separately.
Once done, detach the USB hard drive, and reboot without the recovery CD into Windows - open Explorer, right click on the recovery folder, select scan with (your antivirus app or apps - scan with every one you have), then copy the files into where you'd like them.
If you find that files are missing, reboot to the live recovery CD, then attach the USB hard drive and copy the missing files, detach, reboot normally.
Repeat as necessary.
When you are done (say after a few weeks), detach the newly installed HD, re-attach the old HD, plug in the USB hard drive and boot the box with a DBAN live CD.
Nuke the old HD and the USB drive.
Shut down, reattach the newly installed HD in its proper place, and boot.
Once you've logged in:
Right click on My Computer, select Manage.
Go to Storage Manager.
Select the old hard drive (should show as an empty, no-partitions drive) - create a new partition, format it NTFS, default, assign a drive letter.
Go ahead and re-format the USB drive as exFAT or FAT32 for the next emergency.
At least that's what I would do.
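The step above that matters most for safety is the selective copy: pull only user data folders off the old drive, never executables, and keep a record of what was brought across so it can be scanned before it is moved into the new profile. The script below is an added example (not the commenter's own procedure or any project's code) that does exactly that from a live Linux boot. It assumes the old Windows volume has already been mounted read-only (the device name in the comment is a hypothetical placeholder) and that `sha256sum` or `shasum` is available; the extension blacklist is a constructed starting point, not an exhaustive list.

```shell
#!/bin/sh
# Selective data rescue from a compromised Windows volume (added example).
# Assumes the old drive is already mounted read-only and noexec, e.g.
#   mount -o ro,noexec /dev/sdb2 /mnt/old        # /dev/sdb2 is a placeholder
# Only user data folders are copied; executables/scripts are skipped and every
# copied file is recorded with its SHA-256 so the quarantine can be scanned and
# audited before anything is moved into the freshly installed profile.

# Data folders inside each Users/<name>/ profile that are worth keeping.
# (Windows XP "Documents and Settings" layouts are not handled here.)
RESCUE_DIRS="Desktop Documents Downloads Favorites Music Pictures Videos"

# File extensions that are never copied: nothing that can execute when opened.
# Constructed, deliberately short list; extend it for your environment.
SKIP_EXT='exe|dll|scr|com|bat|cmd|vbs|vbe|js|jse|wsf|ps1|msi|lnk|pif|hta'

# Print "<sha256>  <path>" for one file, using whichever tool the live CD has.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# rescue_user_data <mounted old volume> <quarantine dir>
# Copies data folders of every real user profile into the quarantine dir,
# writes MANIFEST.sha256 there, and prints the number of files rescued.
rescue_user_data() {
    src=${1%/}; dst=${2%/}
    manifest="$dst/MANIFEST.sha256"
    mkdir -p "$dst" || return 1
    : > "$manifest"
    for profile in "$src"/Users/*; do
        [ -d "$profile" ] || continue
        user=$(basename "$profile")
        # Shared/template profiles hold no personal data worth the risk.
        case "$user" in Public|Default|"Default User"|"All Users") continue ;; esac
        for d in $RESCUE_DIRS; do
            [ -d "$profile/$d" ] || continue
            find "$profile/$d" -type f | while IFS= read -r f; do
                # Skip anything that could execute when double-clicked.
                if printf '%s\n' "$f" | grep -Eiq '\.('"$SKIP_EXT"')$'; then
                    continue
                fi
                rel=${f#"$src"/}
                mkdir -p "$dst/$(dirname "$rel")" || exit 1
                cp -p "$f" "$dst/$rel" || exit 1
                hash_file "$dst/$rel" >> "$manifest"
            done
        done
    done
    # Every manifest line is one rescued file.
    wc -l < "$manifest" | tr -d ' '
}

# Usage: sh rescue.sh /mnt/old /media/usb/quarantine
if [ "$#" -eq 2 ]; then
    n=$(rescue_user_data "$1" "$2") && echo "rescued $n files; manifest in $2/MANIFEST.sha256"
fi
```

The manifest is what makes the later "scan the recovery folder with every AV you have" step auditable: after scanning, anything the scanners flag can be matched by hash, and a second run of `sha256sum -c MANIFEST.sha256` confirms nothing in the quarantine changed between the copy and the scan.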
There can be some dreadful cruft left behind by some of the snakey charmers out there, even if you format the drive. Bogus partitions of evil, and the like. I have gotten into the habit, thanks to some 90s viruses that created a reinfect partition every time the PC got reinfected (once found 19 partitions of evil!), of blowing the drive away by installing Linux in a clean "wipe it all" install. Then if you have to put the Microsoft Virus back on, again do a clean "wipe it all" install of Windows. If the little darlings haven't hosed the BIOS, that should do it.
Until the next time. Instruct your pigeon that they need to "practice safe hex," and not hook up with characters they don't know.
(the punchline used to be "... and wrap all your floppies in condoms," but who has floppies any more?)
if this is supposed to be a new economy, how come they still want my old fashioned money?
Having recently gone through the process of protecting my wife from ID theft, her info was swiped from work (most likely) I can offer the following suggestions:
1) File a police report, even if your dad feels dumb
2) Check ALL financial institutions for transactions
3) Place a Fraud Alert with the three credit rating companies - it's free
4) Change ALL passwords and security questions
5) Sign up for credit monitoring services such as IdentityGuard.com
This slip up will follow your dad for many years to come. Acting swiftly will minimize damage to his credit.
It's amazing what info is freely available through public records: addresses, family members, date of birth, etc. Combine that with a SSN and people will be opening lines of credit EVERYWHERE with your dad's identity. I know first hand from what recently happened to my wife.
Geeze, all anyone here cares about is the PC! The man's identity is going to be stolen since he gave away his SSN! He needs to immediately get something like LifeLock.
You wipe the box and start over with a clean install, fully patched, with a firewall and AV. Anything less is really just asking for whatever happens next.
Be sure to completely wipe the hard drive or SSD, including the Master Boot Record (MBR).
Also, you need to replace the BIOS flash-ROM (which probably means replacing the motherboard). You can't simply re-flash the BIOS ROM in place because the infected BIOS will infect anything you boot, no matter what kind of media you boot from - and no matter what OS the re-flashing tool uses. (with the right equipment, it might be possible to re-flash the BIOS in place. This involves connecting an in-circuit debugger to the CPU's debugging interface. Or plug in a CPU emulator in place of the CPU (assuming the motherboard uses a socketed CPU).)
Don't try to out-weird me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
An anti-virus program is a bad idea, especially today when they fail to catch up to the present day when it comes to virus definitions. A much better idea is to create a whitelist of programs and allow nothing else to run.
Seriously. If he's that vulnerable, it will probably happen again. I have had good success with the "basic computer users" I support. They are motivated to climb the learning curve because I explain that even if I reformat their hard drive and reinstall all the AV software, I cannot guarantee it won't happen again. Then I tell them that the AV software chews up some of their processor bandwidth and if we run Linux, they won't need it. So they will be getting more out of the machine. And to rescue the machine? USB drive, bootable Linux live CD and copy the data from the original HDD onto the USB drive, nuke the original drive, reformat, install OS of your choice and copy the data back.
Brilliant post, love the analogy!
Of course, it assumes that identity theft has taken place which may be a mistake in and of itself and drastic overkill, i.e., calling the fire department because someone lit a smoke in your dining room. But then again, nuking the site from orbit is the only way to be sure!
Right, cause you can't possibly work on the computer between phone calls and working hours.
There's an inherent delay in the system in trying to do your 2-6; they can't be done immediately. And doing them immediately will just have you waiting on hold and impatiently working through the automated phone systems.
There's no reason the computer can't be worked on at the same time.
1. Get him a new e-mail address & don't associate it with any social media apps, especially facebook
2. Change his phone number, unlisted
3. backup data to a HDD
4. repartition & format primary HDD, install OS (assuming win32)
5. install an "Internet Security Suite" from either: Kaspersky, BitDefender, Eset
6. install SOHO Deep Packet Inspection Firewall with VPN (~$300), i.e. Sonicwall TZ100 (recently acquired by Dell):
http://www.sonicwall.com/us/products/TZ_100.html
- review of TZ100: http://www.techrepublic.com/blog/products/review-sonicwall-tz-100-router/989
- this might be astroturf comparison of Sonicwall vs. Cisco, but worth a read:
http://www.firewalls.com/sonicwall_vs_cisco
He gave away his social security number to scammers! Immediately get copies of his credit reports and look for any suspicious activity. While you are at it, place locks on the credit report so nobody can create new accounts, even though it may cost a little bit of money and will cause him some inconvenience when he has to make legitimate transactions. Contact all his credit card companies and ask them to issue new cards with new numbers. Sign up for one of the identity protection services which monitor everything they possibly can and will help him straighten things out if anything goes wrong. Contact your local police for additional advice, because almost every police agency in the country has someone assigned to identity theft these days.
Lobby your congressmen to establish laws requiring the Social Security Administration to monitor and report fraudulent use of credit card numbers. At the moment, even if they see the same number being used in dozens of different locations they are not allowed to notify the owner about the situation or do anything to verify the use is legitimate. So, illegal aliens in Florida, Oregon, Ohio, and New Mexico can all use the same number simultaneously and nobody will investigate.
Good luck!
The one thing that's always worried me about saving off the personal data from a clueless victim's hosed Windows box: how do you know there isn't a compromised file in that herd - a malicious pdf labeled '2008 Federal Tax Return', or that jpeg called 'Family Reunion' is not quite what it appears? Scan it all yes, but still that nagging concern never quite goes away.
After you call your bank (including any banks you have loans/credit cards/ with) and let them know what happened, do this:
(stolen shamelessly from usbank's website)
1. Call the major credit bureaus:
Equifax: 800-525-6285 or equifax.com
Experian: 888-397-3742 or experian.com
TransUnion: 800-680-7289 or transunion.com
First, ask that they place a “fraud alert” on your credit file. A fraud alert prevents creditors from changing your accounts – or opening new ones in your name – without proper verification. Then, request a free copy of your credit report. If you see any additional signs of fraud, notify the credit bureau and the creditors whose accounts are affected. After the disputed transactions are resolved, request another copy of your credit report to make sure your file has been updated.
2. Call your other creditors – including your phone and utility companies – and let them know that you’ve been a victim of fraud. Close any accounts that may have been compromised. As a precaution, consider resetting all of your passwords.
3. Inform check security companies about the fraud:
National Check Fraud Center 843-571-2153
SCAN 800-262-7771
TeleCheck 800-710-9898
CrossCheck 707-586-0551
Equifax Check Systems 800-437-5120
International Check Services 800-526-5380
Chexsystems 800-428-9623
CheckRite 800-466-2748
4. File a police report if you think your personal information (driver’s license, address) has been compromised or stolen.
5. Call the Federal Trade Commission (FTC) identity theft hotline at 877-438-4338, or file your complaint online at ftc.gov.
6. Be vigilant, patient and persistent. It can take weeks — or even months — to resolve identity theft. Keep a close eye on all of your statements, review your credit reports regularly, and immediately report any discrepancies.
Why so paranoid? Because with nothing more than your SSN and Address, the bad guys can see your free credit report and know about *every line of credit you have*.
The race is on; here comes Pride in the back stretch.
fdisk /mbr /dev/hda
or with Linux & grub:
grub-install
Both overwrite the master boot record. It's not some magical thing. Stop acting like it's some unknown religious artifact.
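The point above, that the boot sector is just the first 512 bytes of the disk and can be overwritten and checked like any other bytes, is easy to see on a disk image. The script below is an added example (not the commenter's code) that builds a constructed image with a fake MBR (boot code, one partition entry, the 0x55AA signature), reads those fields back with `od`, and then zeroes the first 1 MiB so that both the MBR and the gap after it, where GRUB embeds its core image, are gone before a reinstall. It assumes only POSIX `dd` and `od`; run it against a real device only after the data has been copied off, since it is destructive by design.

```shell
#!/bin/sh
# Inspect and clear the boot area of a disk (image) - added example.
# The MBR is sector 0: 446 bytes of boot code, four 16-byte partition
# entries at offsets 446..509, and the 0x55AA signature at 510..511.

# Hex of the two-byte boot signature (offsets 510-511), e.g. "55aa".
mbr_boot_signature() {
    od -A n -t x1 -j 510 -N 2 "$1" | tr -d ' \n'
}

# Number of partition-table entries whose type byte is non-zero.
mbr_partition_count() {
    n=0; i=0
    while [ "$i" -lt 4 ]; do
        # Type byte is the 5th byte of each 16-byte entry starting at 446.
        t=$(od -A n -t x1 -j $((450 + 16 * i)) -N 1 "$1" | tr -d ' \n')
        [ "$t" = "00" ] || n=$((n + 1))
        i=$((i + 1))
    done
    echo "$n"
}

# Zero the first 2048 sectors (1 MiB): the MBR plus the post-MBR gap that
# GRUB and some bootkits use. conv=notrunc keeps the image/device size.
wipe_boot_area() {
    dd if=/dev/zero of="$1" bs=512 count=2048 conv=notrunc 2>/dev/null || return 1
    # Report failure if a signature somehow survived.
    [ "$(mbr_boot_signature "$1")" = "0000" ]
}

# Build a constructed 4 MiB sample image with a plausible-looking MBR:
# a JMP at byte 0, one NTFS-typed partition entry, and the 0x55AA signature.
make_sample_disk() {
    dd if=/dev/zero of="$1" bs=1024 count=4096 2>/dev/null || return 1
    printf '\353\076\220' | dd of="$1" bs=1 seek=0   conv=notrunc 2>/dev/null
    printf '\200'         | dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null  # bootable flag
    printf '\007'         | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null  # type 0x07 (NTFS)
    printf '\125\252'     | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null  # 0x55AA
}

# Usage: sh mbr.sh /path/to/disk.img   (an image file, not a live system disk)
if [ "$#" -eq 1 ]; then
    echo "signature: $(mbr_boot_signature "$1"), partitions: $(mbr_partition_count "$1")"
fi
```

After `wipe_boot_area` the signature reads `0000` and the partition count is zero, which is exactly the state `fdisk /mbr` or `grub-install` would then rewrite; the difference is that nothing from the old boot code survives underneath the new loader.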
-- This space for lease, low setup fee, inquire within!
Unless your father is a geriatric and/or suffers from some mental impairment I'm really struggling with the idea that he shouldn't just be left to suffer his fate and clean up his own mess. Survival of the fittest can be a good thing.
In any case the very first thing that needs to happen, and as soon as possible, is to lock his credit file. It will make life more of a pain for him later should he need to use a service requiring a credit inquiry, but it will effectively prevent anyone from using his identity to establish credit. Then this incursion needs to be reported to every financial institution he does business with: banks, credit cards, investment, etc. After that you can start to care about his computer. Which, by the way, if you wish to be paranoid you might as well throw away and replace. Unless you/he is sentimental and/or budget sensitive, the time you'll invest scanning each and every bloody JPEG, PDF, wiping the hard drive(s) with DBAN, and flashing the BIOS, etc. might well not be worth it.
Two of my imaginary friends reproduced once
They "will" find it. All they need is a minute to load some in. These guys have a quota of people to arrest.
The question reminds me of an old joke:
A man comes with Chicken McNuggets to a veterinarian and says "Doctor, Doctor, isn't there anything you can do?"
Seriously: Any infected PC should be treated as if it contained contact poison. I would at least low-level format the hard disk and completely rebuild the system. If in doubt I would rather lose data than allow the infection to spread.
#1 on a Windows PC: Run combofix and Norton Power Eraser to check for rootkits. Maybe run malwarebytes as well.
#2: Create a new Admin user account with password protection
#3 Create a new Standard User account, and move his data from his old account's Favorites, My docs, Pics, Music, and Videos, etc. Data folders only. He will get fresh temp folders and fresh setting folders for software.
#4 Delete old user account
#5 If he is able to run Firefox with no script, I would highly recommend that move. If he is not able to manage noscript permissions, then just firefox.
Try to copy pictures, documents, EMail to an external drive, then zero out the drive, format and reinstall.
The OP came to a tech site for advice on the tech issues. Not the legal/financial.
I had her
* unplug from the internet and explained that she could never trust that OS install again - ever.
* She has the original Windows install disk - NOT. She has one, but it isn't the one used to install **this** OS.
At my next visit (she lives 7 hrs away), I /home ... so ...
* Repartitioned the HDD, adding 4 logical partitions
** Linux
** Linux
** Swap
** Backup
* Installed LXDE-based Ubuntu (her PC was a Pentium-4)
* Set a static IP
* Setup remote ssh access using dyndns subdomain and opening a high-port
* The router forwarded connections on 63022 --> 22 on the PC.
* disabled password-based remote ssh connections
* disabled remote root connections
* installed fail2ban to prevent anyone unwanted from having too many attempts
* Installed firefox, thunderbird, libreoffice, evince, KeePassX, apps - she'd already been using them on Windows, so the transition was basically zero. She liked them all.
* Renamed a few key files on Windows, so it wouldn't boot again. Wrote myself a note for how I'd done it.
* Setup hourly local snapshots for backups, weekly differential remote backups to my server
* Loaded WINE and configured Quicken to work. Quicken is the only commercial tool, beside AV that Mom used.
That was 2+ yrs ago. She never misses Windows. Obviously, she hasn't had a virus, rootkit or spyware since.
Last month, the PC died, but not the HDD. Found a newer PC, dropped the HDD into it and booted into Linux. Everything came up as before except the static IP. Had to clean up /etc/udev/... 70-net* to let the static IP work on eth0 again.
Oh, and I did run AV, anti-rootkit and 4 different cleanup tools. Over 50 different viruses were removed, but 1 rootkit couldn't be removed. It was dug in completely. Windows is a data drive now for her.
At my next visit, she'll get Ubuntu 12.04 with LXDE. Her HDD is 5-7 yrs old, so it is time for a new HDD. I'll pick up a spare 300G from my collection, preload the apps, Linux, and her data (having backups here is nice). This is about an hour of work, BTW. When it is time to visit her, I just take the HDD and swap it in, connect the old HDD via eSATA and push all her data over from the few days that I missed since her last local snapshot. Easy-peasy. It sounds harder than it is, trust me.
Mom likes computing to be simple and LXDE makes it that way for her. Linux makes it bonehead for me to help from far away too. It really is just like being there without all the GUI overhead.
I do have FreeNX (10x more efficient than VNC or RDP) setup for remote GUI stuff, but only used it twice in all this time. Any NX client works - it uses ssh tunnels too.
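The remote-administration setup in the post above (key-only ssh, no remote root, fail2ban behind a router port-forward) is only as good as the lines that actually take effect in sshd_config: sshd uses the first occurrence of a keyword, so a `PasswordAuthentication no` added below an earlier `yes` does nothing, and a commented-out `#PermitRootLogin no` leaves the default in place. The script below is an added example (not the commenter's configuration or any project's code) with an audit function that reproduces that first-match rule on the global section of a config file, plus a printer for the hardened drop-in and the matching fail2ban jail. The `AllowUsers mom` name is a hypothetical placeholder; the ban thresholds are constructed values.

```shell
#!/bin/sh
# Audit sshd_config for the hardening the post describes - added example.

# Effective value of a keyword the way sshd resolves it: comments and blank
# lines ignored, keyword case-insensitive, FIRST occurrence wins, and only
# the global section (before any Match block) is considered.
# Usage: sshd_effective <file> <keyword> <value-if-absent>
sshd_effective() {
    v=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == k { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# Prints one WEAK line per problem and returns 1, or prints OK and returns 0.
# Each setting must be set explicitly; relying on defaults is reported,
# because the default differs between OpenSSH versions.
audit_sshd_config() {
    f="$1"; rc=0
    pa=$(sshd_effective "$f" PasswordAuthentication unset)
    prl=$(sshd_effective "$f" PermitRootLogin unset)
    pka=$(sshd_effective "$f" PubkeyAuthentication unset)
    [ "$pa" = "no" ]   || { echo "WEAK: PasswordAuthentication=$pa (want no)"; rc=1; }
    [ "$prl" = "no" ]  || { echo "WEAK: PermitRootLogin=$prl (want no)"; rc=1; }
    [ "$pka" = "yes" ] || { echo "WEAK: PubkeyAuthentication=$pka (want yes)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Drop-in for /etc/ssh/sshd_config.d/ (or paste at the TOP of sshd_config so
# it wins under the first-match rule). The router forwards 63022 -> 22, so
# sshd itself stays on 22. "mom" is a placeholder account name.
hardened_sshd_dropin() {
    cat <<'EOF'
# Key-only remote administration; no password logins, no remote root.
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
MaxAuthTries 3
AllowUsers mom
EOF
}

# /etc/fail2ban/jail.local fragment: ban after repeated failures on sshd.
# Thresholds are constructed values; tune to taste.
fail2ban_jail_fragment() {
    cat <<'EOF'
[sshd]
enabled  = true
port     = ssh
maxretry = 5
findtime = 600
bantime  = 3600
EOF
}

# Usage: sh sshaudit.sh /etc/ssh/sshd_config
if [ "$#" -eq 1 ]; then
    audit_sshd_config "$1"
fi
```

Run the audit after every edit and after distribution upgrades, which can reorder or re-comment the file; `sshd -T` on the host prints the fully resolved configuration and is the authoritative check once the daemon is running.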
Put the PC in the trash and buy him a $399 iPad and allow him to participate in digital culture.
There is NO EXCUSE for putting a non-consumer PC in front of a consumer. Windows PC's cannot be safely attached to the Internet. The US government advises citizens not to use Windows PC's for banking or store any private data on them. Further, they are obsolete and end-of-lifed. Windows is transitioning to cheaper ARM hardware over the next few years and to a new interface and the Intel version is being abandoned because people are literally not willing to pay that much for Windows anymore. ASP for a Windows PC is below the entry-level $399 iPad price, and the Intel parts have to go to get the ASP down lower and stop the Windows platform from shrinking. So you are wondering why his PC cannot deal with the modern world? Because it is a relic. Trash it.
Today, you can go to the fucking iPod Store and buy a virus-free, malware-free, scam-free, training-free, no-I-T required consumer PC for $399 and it has $5 video editors from the 2 leading vendors, $10 best-of-class office apps, $1 games, video calls, iTunes, Netflix, Hulu, and all kinds of apps that Microsoft is pleading for developers to port to their office PC's.
Hey Slashdot, how can I fix a cardboard door that has been kicked in by scammers? You fix it with a fucking impregnable metal door that costs the same or less than the cardboard door you bought from a vendor that took advantage of you. Stop putting in cardboard doors.
My father, when he was able to use the computer, could fall into just about any kind of pitfall. You'd give him specific guidance, but he'd just forget.
If I was advising somebody with a father like mine. I'd create a custom Linux recovery disk that would easily restore his computer to a known state.
He'd always lose his data when the system was restored, but if that was what he expected to happen when he routinely crashed the system, that would be no big deal.
I used to try and recover compromised machines until about 2 years ago. That's when I realized that no matter what you do with a compromised disk...there could easily still be some nugget of stuff that's been encrypted where scanners won't find it. Then I heard a lot of the recovery experts saying the same thing...format it, better still toss the drive and start over...the 'nuke it from orbit, it's the only way to be sure' method.
The mistake is to stick the drive in another running machine or an enclosure and try to read it with another machine. Good chance you might infect that one too. Best to burn media files to a dvd on the compromised machine, throw the rest away. Ideal, restore from a backup to a new drive.
... before you destroy all the evidence doing what the other posters suggested, you should be taking care of your elderly father and CALL THE POLICE.
Where I work, we do a 3 pass secure wipe and then re-image the system for any malware due to security reasons. You should do the same. DO NOT attempt to save the OS, it is far too compromised; especially with god knows what they installed.
Better yet, put him in a home; he's clearly too senile to think well enough to keep himself out of trouble.
Pull the hard disk, put in a new one, stuff Linux onto the box, and then carefully pull data off the other drive (two drive system). When you have all the data you want from the old drive, onto the Linux system with the new drive, wipe the old drive (your choice whether to do a low level format or not, although companies like Seagate have SeaTools that will safely do a very complete low level format, and will automatically look for bad sectors and mark them also). After the drive is clean, you can install whatever (windblows, etc.). Then you can give detailed instructions about giving social security information (or any private information) over the phone, rudimentary instruction in how these scams work and how to avoid them, etc. You can then start with the Linux drive again, mount the windows partition and move recovered data back to the other system (Linux will talk to windows, windows refuses to acknowledge the existence of Linux, or any other system for that matter). Then you can turn the system back over to them, and let them try again. 3 tries for a quarter.
It's the only way to be sure...
BIOS is 'metal'?
In the context of reformatting or replacing a hard drive for a clean operating system reinstallation, anything that runs before reading the boot sector from the hard drive is "metal". And in this case, the claim is that some boot-time rootkits infect the BIOS or UEFI.
This isn't Metal Storm.
Are you talking about the weapons company or the 1990 NES platformer?
If you have to ask the question then you shouldn't be messing with it in the first place and should leave it up to the professionals.
Eradicate every bit of data on that drive. Start over. There should be zero debate on this.
---- Booth was a patriot ----
It has been my experience that you can save *MOST * computers that have been infected by ransom/scam/mal/spyware.
Mark Russinovich (Technical Fellow at Microsoft) has many blog posts (http://blogs.technet.com/b/markrussinovich/) and videos on cleaning infected machines without having to format and start over.
You will need to download his Sysinternals Suite (http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx) plenty of powerful tools in there for seeing and manipulating exactly what your windows machine is doing behind the scenes.
And I'd add "get a Durable Power of Attorney" in place so you can monitor his activity on-line and ensure that he doesn't do something unwise. Most DPoA instruments require 'notification within a reasonable period' if they're constructed properly. This way you'll both be able to monitor the situation and you'll be able to step in if need be.
If it's really a problem, get him an iPad which doesn't permit Trojans and Malware. If you screen what he can buy in the Apple Store, he'll be pretty safe from infection. Then all you'll have to worry about is the phone calls and SPAM emails.
At some point, you may have to setup Internet access in a "while I'm in the room" situation. This is what my brother did with his kids as they were growing up. They had computers in their rooms connected to the local network but they weren't on-line. The only system that had net access other than my brother's was the one in the Great room which could only be used 'in public'.
To be safe you should do what other are suggesting. I moved my parents to Linux and have never had a problem since.
The interesting thing is I have played with a couple of these scammers in VMs and in both cases it was clear they know very little about computers and really just want to get you to buy a 'support' package. To show how dumb some of them are: when I told one I couldn't actually see any problems he proceeded to try and format my C drive at a command prompt but he could not get the syntax right. After 5 minutes of trying he gave up and used the GUI to delete the C drive. So while dumb they can be vindictive, so be careful. He hung up before I could show him how a VM can be restored in seconds.
The *first* thing you need to do is contact credit services and put a lock (or at minimum, an alert) on them, so that whoever has your father's SSN, name, and probably birth date (given the fact that he gave up the SSN) is prevented from opening any new accounts ( https://www.privacyrights.org/fs/fs17a.htm ). I'm sure the SSA would also like to be notified ( http://www.ssa.gov/pubs/10064.html/#a0=-1 ).
Also, educate him on keeping personal information personal ( http://www.fbi.gov/scams-safety/fraud/seniors ), and never giving that information to anyone who calls and asks for it.
Then, all that stuff about passwords, malware and antivirus scans, etc.
Give it an Enema.
Forensics needs to be done on the computer to prove that a crime has been committed.
So ... since you've been diligent in your entrusted tasks:
Where is the problem?
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
I get this sort of thing often.
Burn a copy of KRD on a known good machine. Then boot to it on the infected computer. It's not 100% but it does a good job getting rid of many of the nasties. I usually follow up with a full scan of MalwareBytes and, sometimes, ComboFix.
The moment the remote control program was activated, all bets were off. They could have done literally anything at that point.
Unless your father is a geriatric and/or suffers from some mental impairment, I'm really struggling with the idea that he shouldn't just be left to suffer his fate and clean up his own mess. Survival of the fittest can be a good thing.
Oh, you don't know old people huh? He won't ever touch the computer again.
He won't fix it. He'll just not use it. Excellent choice for a solution.
That's a pretty typical Mac user response...
Something wrong with it? Throw it away and buy a new one. (Or in this case, lower the use to the point of silliness and get a new one)
Phone rings. You answer to hear the phone ringing. Dude in a bull pen picks up. "His servers show that my machine has a serious error." Suspicious I asked which one, I have many. "The windows machine." Uh huh. I abused him for a bit and made sure I wasted some of his time. He clearly had no clue what I had. Beware of Greeks... er Geeks calling offering free services. They are probably not your friend.
I removed this same malware using this disk http://support.kaspersky.com/viruses/rescuedisk
It boots into Linux and offers malware removal tools. Another option is to remove the drive from the machine and use a USB to SATA adaptor. Plug it into a good, well-protected working machine and use the anti-virus tools on your machine to scan and clean the attached drive. Since you do not boot from or run code from the drive, your machine should be clean. Of course you could use a Windows VM running under Linux to clean the attached drive as well, but I have never needed to go that far.
See my blog http://ilovecookes.blogspot.com/ for light-hearted technical information.
Shocking, I know, but my US bank, CC, their processors and most annual AV subscriptions ALL steal more money from me than malware ever has... One needs to re-think precisely who ALL the thieves are.
May the lies we live by make us strong, healthy, happy and wise - Kurt Vonnegut.