Ask Slashdot: Rescuing a PC That's Been Hit By Scammers?

New submitter malcus writes "My father was hit by scammers the other day and even though he has handed over all computer service tasks to me they were able to sweet-talk him into: (1) Running some 'checks' to confirm the 'grave situation' that his computer was heading for (bad). (2) Start some remote-control program (worse). (3) Giving them his social security number (terrible). When they asked him for his credit card information he stopped and is now probably expecting them to call again. Meanwhile I have told him to dump the computer in holy-water or aqua regis and cut the internet cable. I am heading over to his place later and wonder what measures I should take."

Just the obvious

[gestalt_n_pepper]

Bow your head and type "Format C:" Amen.

Re:Just the obvious

[RogueyWon]

That's definitely the first thing he needs to do, but there's more besides:

1) Change all passwords. Either do it from a different PC or from that PC AFTER it has been wiped and confirmed clean.

2) Get a few credit checks over the next few months. Depending on how much information the father has actually given away (and it may be more than he's willing to admit), he may have given the scammers enough to do a thorough identity theft job on him. Picking up any attempts at this as early as possible will be important.

3) Some urgent parental re-education. Using a stout stick if necessary.

Oh, and when going to do the disinfection, if you're taking a personal machine with you, make damned sure before you go that it is NOT set to automatically connect to wireless networks. I got stung with this one a few weeks ago when disinfecting an uncle's PC.

He'd picked up one of those ransomware fake-AV trojans that basically renders Windows unusable. I'd figured it was going to be a wipe-and-reinstall job (which indeed it was), but had taken an old laptop with me in case I needed a "clean" PC for anything. This laptop had been my secondary PC until I replaced it with an iPad and I was going to use my trip "up north" as an opportunity to hand it over to the parents, who would make more use of it than I would. It'd just been flattened itself and had a fresh (though updated) Vista install on it. It also has a network share on it, that I'd used to copy a few drivers and other files over from my desktop to save redownloading them.

Anyway, like a fool I boot the thing up as soon as I get in there, forgetting two important things:

1) The laptop will default to connecting to any wireless network it can find and get onto; and

2) My uncle, being a complete idiot, has an unsecured wireless network.

So the laptop connects immediately to his wireless network - and gets infected within seconds by the trojan on his PC via the open network share. Fortunately, I had the Vista disc with me to do an immediate wipe and reinstall on the laptop as well, but it was still frustrating.

Re:Just the obvious

[Joce640k]

Bow your head and type "Format C:" Amen.

Even better ... make him buy a new hard disk, that way you can be sure that:
a) He spends some money (more likely to pay attention in the future).
b) You didn't lose any data files - they're all on the old disk somewhere.

Re:Just the obvious

[LVSlushdat]

THIS!! Which is why the laptop I take for these kinds of 911 calls to guilible relatives/friends whose Windows machines have been screwed up by malware is a Linux machine. I'm the defacto tech support for my church/neighborhood. I've had several "clients" who are the typical "click on EVERYTHING" types, and who would call frequently when their machines got so slow that they couldn't do anything.. In the first case, the machine was so hozed that only a clean reinstall of windows would be effective. But of course the owner didn't have the recovery disks for XP. The machine maxed out at 2GB, so getting the user to buy Win7 was a non-starter. To save the day, I loaded an Ubuntu LiveCD and showed what Ubuntu looked like, and asked "Can you live with that??" with an unspoken "You have no choice..".. The user said "whatever you say, I gotta have my computer!!".. So I backed up the docs to a USB drive via the LiveCD, and wiped/installed Ubuntu.. After a couple of calls from the user, saying "how do I do X??", I'm not hearing much from her anymore. As far as I know she still clicks on everything in sight, but I've not gotten anymore "my computers slow" issues. In fact, her husband, once he saw how well Ubuntu worked, he wanted to be "upgraded" to Ubuntu, and now he's a happy camper.. Word has spread, and I'm doing a fair number of these "upgrades"... Still using 10.04, as I'm still trying to decide if MATE or Cinnamon OR X/Lubuntu is the best way to replace Unity on 12.04..

oddly enough

[alphatel]

I had a client do this to his machine. He called an 800 number thinking they were the Yahoo help desk and they performed a similar routine. Oddly enough, they left no traces of their activity and there is no reasonable way to tell if there is an inactive trojan waiting to be launched in the future. Best bet is to copy off the data, wipe, reinstall OS.

Wipe, reinstall, serious talk about his finances

[SecurityGuy]

Everybody's going to tell you the obvious right answer. You wipe the box and start over with a clean install, fully patched, with a firewall and AV. Anything less is really just asking for whatever happens next.

Subsequent to that, you need to have a serious talk with your dad about sharing control over his finances with someone trustworthy (you, maybe). If he's handing out his social security number to any random nutjob who calls him, he's going to give away his life savings to some scammer someday. The time to prevent that is now, not later. I am seriously planning to do that myself, that is put something in place so that when (not if) I'm no longer competent to handle my own affairs, my kids will have the legal ability to seamlessly keep me from bankrupting myself. I have decades before this needs to happen, but the time to do it is when you are of sound, not failing, mind.

I'd also look into putting a fraud warning on his credit report with all three credit bureaus. I'm not going to pretend that's something I know much about, so research it and confirm for yourself what good it will do and what harm before you act. I do think you want to limit the ability of any random goofball who knows your dad's SSN and name from opening credit in his name.

Victims are stuck cleaning up the mess.

What many of these scammers do is surf the hardrive for login information for financial institutions, bank and credti card numbers, and anything else they can get to commit financial fraud.

Call and write letters to the credit bureaus, your banks, and every other financial institution one does business with.

And keep a sharp eye out for shenanigans and don't pay any bill that's not yours.

File a police report. The cops won't do anything, but at least you'll have something to fax the debt collectors who may be calling.

It sucks but it's up to the victim to clear their name as best as they can.

The banks and other financial institutions just write off any losses and pass on the costs to the rest of us in the form of higher and more fees.

The other thing they do with the information is create phoney IDs for illegals, get medical care for folks who can't pay, and various other things that require an ID - all in the victim's name and SSN. Folks have been arrested in the past because of someone else using their identity to commit a crime, the warrant goes out, and then the victim gets their lciense plate scanned by a cop, pulled over and taken to jail.

Have fun with that.

gave them his ssn?

[v1]

really? And you're worried primarily about the state of his computer?

He should be spending some time on the phone with his credit card companies making sure any security features they offer are fully activated, such as enhanced (not easily guessed based on what was on his computer) security questions, subscribing to a few years of identity theft watch, schedule regular pulls of his credit report watching for new plastic, checking accounts, and loans in his name, etc. The ssn by itself has some limits on abuse, but combined with the information on the hard drive (mother's maiden name, address, workplace, etc) it greatly magnifies the risk because it's going to allow additional verification of identity that a lot of places require.

After that, get him a book or something on how to be less of a sucker on the internet and in the world in general, or he'll just do it to himself again.

This could hound him for years to come. Make sure he understands that. If someone DOES manage to take out say, a loan or a card on his ssn, he needs to deal with it swiftly and decisively. Banks and similar organizations are notorious for not wanting to be the fall guy in cases like this, and will often try very hard to stick your dad with some or all of the bill. Don't be terribly surprised if something requires a lawyer to fix or clear off his record.

Re:Just the obvious - WRONG ORDER

[Apocryphon]

WHOA WHOA Wrong Order....

The blatant identity theft is a ticking time bomb that will not be easy or painless to redress (especially for someone who readily handed over an SSN for ANY reason)....

The computer can sit there (off) just fine while you stop the bleeding.

1. OBVIOUSLY keep computer not only offline but OFF & OFF-SITE (who knows what he might try to do with it).
2. HELP YOUR FATHER start protecting himself with his....
3. banks....
4. ....his insurance....
5. ...credit rating agencies...
6. ...defensive strategies... ....
30. THEN look into addressing the computer problems.

Car analogy:

"My father hit a tree at 50 miles an hour and appears to have a broken collarbone and a punctured lung.... I'm heading over to investigate... Does anyone know if I can use my own AAA membership to get the car towed or should I have my own mechanic work on repairing the vehicle's front end?"