Ask Slashdot: Rescuing a PC That's Been Hit By Scammers?
New submitter malcus writes "My father was hit by scammers the other day and even though he has handed over all computer service tasks to me, they were able to sweet-talk him into: (1) Running some 'checks' to confirm the 'grave situation' that his computer was heading for (bad). (2) Starting some remote-control program (worse). (3) Giving them his social security number (terrible). When they asked him for his credit card information he stopped and is now probably expecting them to call again. Meanwhile I have told him to dump the computer in holy water or aqua regia and cut the internet cable. I am heading over to his place later and wonder what measures I should take."
I had a client do this to his machine. He called an 800 number thinking they were the Yahoo help desk and they performed a similar routine. Oddly enough, they left no traces of their activity and there is no reasonable way to tell if there is an inactive trojan waiting to be launched in the future. Best bet is to copy off the data, wipe, reinstall OS.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
That's definitely the first thing he needs to do, but there's more besides:
1) Change all passwords. Either do it from a different PC or from that PC AFTER it has been wiped and confirmed clean.
2) Get a few credit checks over the next few months. Depending on how much information the father has actually given away (and it may be more than he's willing to admit), he may have given the scammers enough to do a thorough identity theft job on him. Picking up any attempts at this as early as possible will be important.
3) Some urgent parental re-education. Using a stout stick if necessary.
Oh, and when going to do the disinfection, if you're taking a personal machine with you, make damned sure before you go that it is NOT set to automatically connect to wireless networks. I got stung with this one a few weeks ago when disinfecting an uncle's PC.
He'd picked up one of those ransomware fake-AV trojans that basically renders Windows unusable. I'd figured it was going to be a wipe-and-reinstall job (which indeed it was), but had taken an old laptop with me in case I needed a "clean" PC for anything. This laptop had been my secondary PC until I replaced it with an iPad and I was going to use my trip "up north" as an opportunity to hand it over to the parents, who would make more use of it than I would. It'd just been flattened itself and had a fresh (though updated) Vista install on it. It also has a network share on it, that I'd used to copy a few drivers and other files over from my desktop to save redownloading them.
Anyway, like a fool I boot the thing up as soon as I get in there, forgetting two important things:
1) The laptop will default to connecting to any wireless network it can find and get onto; and
2) My uncle, being a complete idiot, has an unsecured wireless network.
So the laptop connects immediately to his wireless network - and gets infected within seconds by the trojan on his PC via the open network share. Fortunately, I had the Vista disc with me to do an immediate wipe and reinstall on the laptop as well, but it was still frustrating.
What many of these scammers do is surf the hard drive for login information for financial institutions, bank and credit card numbers, and anything else they can get to commit financial fraud.
Call and write letters to the credit bureaus, your banks, and every other financial institution one does business with.
And keep a sharp eye out for shenanigans and don't pay any bill that's not yours.
File a police report. The cops won't do anything, but at least you'll have something to fax the debt collectors who may be calling.
It sucks but it's up to the victim to clear their name as best as they can.
The banks and other financial institutions just write off any losses and pass on the costs to the rest of us in the form of higher and more fees.
The other thing they do with the information is create phoney IDs for illegals, get medical care for folks who can't pay, and various other things that require an ID - all in the victim's name and SSN. Folks have been arrested in the past because of someone else using their identity to commit a crime, the warrant goes out, and then the victim gets their license plate scanned by a cop, pulled over and taken to jail.
Have fun with that.
Bow your head and type "Format C:" Amen.
Even better ... make him buy a new hard disk, that way you can be sure that:
a) He spends some money (more likely to pay attention in the future).
b) You didn't lose any data files - they're all on the old disk somewhere.
No sig today...
really? And you're worried primarily about the state of his computer?
He should be spending some time on the phone with his credit card companies making sure any security features they offer are fully activated, such as enhanced (not easily guessed based on what was on his computer) security questions, subscribing to a few years of identity theft watch, scheduling regular pulls of his credit report watching for new plastic, checking accounts, and loans in his name, etc. The SSN by itself has some limits on abuse, but combined with the information on the hard drive (mother's maiden name, address, workplace, etc.) it greatly magnifies the risk because it's going to allow additional verification of identity that a lot of places require.
After that, get him a book or something on how to be less of a sucker on the internet and in the world in general, or he'll just do it to himself again.
This could hound him for years to come. Make sure he understands that. If someone DOES manage to take out, say, a loan or a card on his SSN, he needs to deal with it swiftly and decisively. Banks and similar organizations are notorious for not wanting to be the fall guy in cases like this, and will often try very hard to stick your dad with some or all of the bill. Don't be terribly surprised if something requires a lawyer to fix or clear off his record.
I work for the Department of Redundancy Department.