Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Rescuing a PC That's Been Hit By Scammers?

Posted by timothy on from the how-much-holy-water-ya-got? dept.

New submitter malcus writes "My father was hit by scammers the other day and even though he has handed over all computer service tasks to me they were able to sweet-talk him into: (1) Running some 'checks' to confirm the 'grave situation' that his computer was heading for (bad). (2) Start some remote-control program (worse). (3) Giving them his social security number (terrible). When they asked him for his credit card information he stopped and is now probably expecting them to call again. Meanwhile I have told him to dump the computer in holy-water or aqua regis and cut the internet cable. I am heading over to his place later and wonder what measures I should take."

10 of 320 comments (clear)

  1. Just the obvious by gestalt_n_pepper · · Score: 5, Insightful

    Bow your head and type "Format C:" Amen.

    --
    Please do not read this sig. Thank you.
    1. Re:Just the obvious by snowraver1 · · Score: 4, Insightful

      No offence to the OP, but you can't fix stupid.

      --
      Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
    2. Re:Just the obvious by NeverVotedBush · · Score: 3, Insightful

      "Obviously you have never heard of TSR programs or BIOS/UEFI attack vectors. Hardware CAN be infected at the 'metal' level." Um, a TSR doesn't really matter if you reinstall the OS. While BIOS can be infected, you should just be able to update the BIOS to eliminate that infection. You can verify by merely watch the POST to see the before and after BIOS versions. If the system is already at the most current BIOS, down rev it and verify the BIOS level follows and then flash back to the current value and check again.

      I would also suggest switching Dad to Linux. While not totally immune to attack, whatever the scammers had him do would probably have had no effect on Linux if the steps could even be duplicated on a Linux box.

      The post about contacting the FBI is also a good one. Find out if they are interested in any forensics BEFORE wiping the OS.

  2. A stern son-to-father lecture by stevegee58 · · Score: 3, Insightful

    In addition to the wipe and install suggested over 9000 times, your father needs a good talking-to.

    1. Re:A stern son-to-father lecture by spacepimp · · Score: 3, Insightful

      I would also remove his administrative privileges. Set up team viewer so you can connect remotely when he needs to install/make changes. My father was the same way. He had some sort of weird skill to always get immediately infected. Almost like he looked for some way to screw up his own life constantly.

  3. Wipe, reinstall, serious talk about his finances by SecurityGuy · · Score: 5, Insightful

    Everybody's going to tell you the obvious right answer. You wipe the box and start over with a clean install, fully patched, with a firewall and AV. Anything less is really just asking for whatever happens next.

    Subsequent to that, you need to have a serious talk with your dad about sharing control over his finances with someone trustworthy (you, maybe). If he's handing out his social security number to any random nutjob who calls him, he's going to give away his life savings to some scammer someday. The time to prevent that is now, not later. I am seriously planning to do that myself, that is put something in place so that when (not if) I'm no longer competent to handle my own affairs, my kids will have the legal ability to seamlessly keep me from bankrupting myself. I have decades before this needs to happen, but the time to do it is when you are of sound, not failing, mind.

    I'd also look into putting a fraud warning on his credit report with all three credit bureaus. I'm not going to pretend that's something I know much about, so research it and confirm for yourself what good it will do and what harm before you act. I do think you want to limit the ability of any random goofball who knows your dad's SSN and name from opening credit in his name.

  4. Re:Format and reinstall by SecurityGuy · · Score: 4, Insightful

    As someone who does forensic analysis, no, the thing you want to do is not tell an untrained amateur how to try to do it, point them at tools, and hope for the best. It's actually time consuming and can be hard. By far the simplest solution is wipe and reinstall. If you want an actual forensic analysis done, unplug the network cable, step away and DO NOT TOUCH THE BOX AGAIN! Then call a pro.

  5. Re:This is why backups exist. by rbrausse · · Score: 4, Insightful

    everyone wants restore, no one make backups...

  6. Social Security number by hobarrera · · Score: 3, Insightful

    Why is giving out his SS number such an awfuly bad thing? From what I've read, it's no secret, but rather the contrary. It's just misassumed that the SS number should be secret.

  7. Re:Just the obvious - WRONG ORDER by Apocryphon · · Score: 5, Insightful

    WHOA WHOA Wrong Order....

    The blatant identity theft is a ticking time bomb that will not be easy or painless to redress (especially for someone who readily handed over an SSN for ANY reason)....

    The computer can sit there (off) just fine while you stop the bleeding.

    1. OBVIOUSLY keep computer not only offline but OFF & OFF-SITE (who knows what he might try to do with it).
    2. HELP YOUR FATHER start protecting himself with his....
    3. banks....
    4. ....his insurance....
    5. ...credit rating agencies...
    6. ...defensive strategies... ....
    30. THEN look into addressing the computer problems.

    Car analogy:

    "My father hit a tree at 50 miles an hour and appears to have a broken collarbone and a punctured lung.... I'm heading over to investigate... Does anyone know if I can use my own AAA membership to get the car towed or should I have my own mechanic work on repairing the vehicle's front end?"