Sam Mcgoo Posted October 25, 2012

Unfortunately, while I was away working my wife fell for a scam over the telephone from 'Microsoft Windows Help desk' and her laptop was accessed remotely by the scammers. Once she realised what was going on, she shut down and removed the battery. However, she says they were probably on there a good 10-15 minutes before she realised it was non-genuine.

So, we have informed our banks, credit cards etc. and changed all internet passwords for every account I can think of. She also spoke to the police, who referred her to Action Fraud, who took some details and gave us a reference no. This was a couple of weeks ago now and there has been no suspicious account activity as yet. Regarding finances etc., is there anything else we need to do?

So, I would like to get the laptop up and running for her to use again and have done the following so far...

- Switched on in safe mode and rolled back to a system restore point a month before the event.
- Re-enabled the firewall and antivirus that they had switched off. Also turned off remote access.
- Ran several scans using Kaspersky 2012, Malwarebytes and Superantispyware. About 13 things were picked up, trojans, vulnerabilities etc....but nothing that stood out as really bad (not that I know anything about it lol)
- Switched the wifi back on, connected to the internet and done all the Windows updates etc....

Those in the know......Is it safe to use again now? Or should I format the drives and start again? If the latter, what's the best way to go about it? Do you just do the C drive?

Thanks in advance for any help.

Chesterfield Posted October 25, 2012

If it were me, I'd take a couple of backups of any photos and important documents you want off the system (run them through a virus checker on another system), then format the drives and re-install software from scratch.

Also, if you have a fixed IP address assigned to your internet connection, ask your ISP if you can change it. Explain what's happened and hopefully they may do that for you (if said scammers have your IP address, they may think you are a soft tap and try to find other ways back onto your system in the future).

If you do rebuild your laptop, do not connect to the internet for any reason other than to install the latest Windows updates and update your antivirus software.

That should just about do it.

ioneabee Posted October 25, 2012

You've probably solved it, as most of the time they just use the remote access software to get the info they're after - however, I'd go with Chesterfield on this and, to be safe, start from scratch.

Dblock Posted October 25, 2012

Didn't know stuff like that still happened. Unlucky man. Hope you get it sorted.

glrnet Posted October 25, 2012

Hope they didn't get anything buddy

Scroatz

DannyBoy Posted October 25, 2012

Chesterfield's advice is pretty sound. You may well have got rid of everything with the security software, but personally I'd want to re-format after someone having such an extended period of unrestricted access. At the end of the day the security software can only detect things that it knows to look for, and updates against new threats can take several days to be published and sometimes aren't fully effective until further updates have been applied on top.

I don't know how your home network is set up, but if it's as lax as some I've seen then it's possible that they could have had access to other machines on the same network through that laptop, so that's worth bearing in mind.

Hope they didn't get what they were after and you get it all sorted.

DB

Bockaaarck Posted October 25, 2012

+1 with Chesterfield's advice: backup, reformat, re-install, and getting your ISP to change your IP address, if it's static, is also a good idea.

marzman Posted October 25, 2012

> If it were me, I'd take a couple of backups of any photos and important documents you want off the system (run them through a virus checker on another system), then format the drives and re-install software from scratch.
>
> Also, if you have a fixed IP address assigned to your internet connection, ask your ISP if you can change it. Explain what's happened and hopefully they may do that for you (if said scammers have your IP address, they may think you are a soft tap and try to find other ways back onto your system in the future).
>
> If you do rebuild your laptop, do not connect to the internet for any reason other than to install the latest Windows updates and update your antivirus software.
>
> That should just about do it.

This.

Sam Mcgoo Posted October 25, 2012

Thank you very much for the prompt replies guys.

So you know the next question......how do I go about formatting the drives (Vista)? Is restoring from a backup ok? Or is there a way to totally wipe them and start again?

There were no other computers in the house turned on at the time and we don't have any file sharing on so I assume they couldn't have accessed any others?

ewan221 Posted October 25, 2012

+1 on the format C and start from scratch. I actually got a call the other night from someone claiming to be from BT broadband advising me I had a virus and wanting remote access to fix it. I almost fell for it as well, as the night before I had been on the phone to BT about my broadband contract.

Sam Mcgoo Posted October 25, 2012

> +1 on the format C and start from scratch. I actually got a call the other night from someone claiming to be from BT broadband advising me I had a virus and wanting remote access to fix it. I almost fell for it as well, as the night before I had been on the phone to BT about my broadband contract.

A similar thing made her fall for it. That day she emailed me to tell me that the computer had ground to a halt to the point that it was almost unusable, then a few hours later she got the call........she assumed it was something I had organised for her.

spursmaddave Posted October 25, 2012

> If it were me, I'd take a couple of backups of any photos and important documents you want off the system (run them through a virus checker on another system), then format the drives and re-install software from scratch.
>
> Also, if you have a fixed IP address assigned to your internet connection, ask your ISP if you can change it. Explain what's happened and hopefully they may do that for you (if said scammers have your IP address, they may think you are a soft tap and try to find other ways back onto your system in the future).
>
> If you do rebuild your laptop, do not connect to the internet for any reason other than to install the latest Windows updates and update your antivirus software.
>
> That should just about do it.

Couldn't have said it better myself..... better safe than sorry, for the sake of a complete format and reinstall of your OS, got to be the way to go

JetSet Posted October 25, 2012

I have had a multitude of calls from the "Microsoft Windows Help Desk", Indian call centre, and yes, it's a scam but not in the way you might think.

From what I've read this is an attempt to sell you some worthless antivirus software. They do this by highlighting any red x's and warning messages in the Event Viewer system log. Anyone who knows anything about PCs will know that no matter how clean your system is these red x's will show up; they are nothing more than simple system errors.

However, this could be a new scam as I just tell them to (insert profanity here) when they phone these days.

Pete

Keyser Posted October 25, 2012

I'm actually with JetSet on this - the scam is to sell you crap - doesn't stop them loading other bits though - one of our clients who recently fell for the same call had GoToMyPC installed and running on the system - this is not a virus so won't come up with a virus or malware scan but does mean they can log into your PC anytime - and a static IP or dynamic makes no difference....so as Chesterfield says, to be sure, format and reload.

@Sam - If it's a laptop the Vista code should be on the bottom with the licence. Some laptops have a restore option, F8 or similar on startup; this should wipe the hard drive and restore it to the day you bought it, so when turned back on you will be asked to set it up again (make sure you have backups). If you have the licence codes but no restore option or install disks, drop me a PM, I can get you a copy of most versions to reinstall from.

If you have a disk image style backup from before the hack then this should be safe to restore from.

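Keyser's point above is that a legitimate remote-access product left behind by the caller is not reported by a virus or malware scan. As an added example (not part of the thread), this Windows PowerShell script lists installed programs, services and autorun entries whose names match remote-access products and reports whether Remote Desktop and Remote Assistance are enabled; every product name other than GoToMyPC is an assumed starting list.

```powershell
# Added example, not from the thread. Product names other than GoToMyPC are an
# assumed starting list; extend it as needed.
$names = 'GoToMyPC','LogMeIn','TeamViewer','Ammyy','AnyDesk','VNC'
$regex = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Installed programs: machine-wide (64- and 32-bit) and per-user uninstall keys
$uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object @{n='Source';e={'Installed program'}},
                  @{n='Name';e={$_.DisplayName}},
                  @{n='Detail';e={$_.InstallLocation}}

# Services (Get-WmiObject is Windows PowerShell; on PowerShell 7 use Get-CimInstance)
$services = Get-WmiObject Win32_Service |
    Where-Object { "$($_.DisplayName) $($_.PathName)" -match $regex } |
    Select-Object @{n='Source';e={'Service'}},
                  @{n='Name';e={$_.DisplayName}},
                  @{n='Detail';e={"$($_.State)/$($_.StartMode) $($_.PathName)"}}

# Programs started at logon from the Run keys
$skip = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $skip -notcontains $_.Name -and
                           "$($_.Name) $($_.Value)" -match $regex } |
            Select-Object @{n='Source';e={"Autorun ($key)"}}, Name,
                          @{n='Detail';e={$_.Value}}
    }
}

$findings = @($installed) + @($services) + @($autoruns) | Where-Object { $_ }
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No remote-access tools matched by name.' }

# Windows' own remote access features
$ts = Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$ra = Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Remote Assistance'
"Remote Desktop enabled:    " + ($ts.fDenyTSConnections -eq 0)
"Remote Assistance enabled: " + ($ra.fAllowToGetHelp -eq 1)
```

The match is by name only, so a renamed or unlisted tool is not reported and an empty result does not show the machine is clean.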
Chesterfield Posted October 25, 2012

Or take the opportunity to upgrade to Windows 7 (check your system is compatible). With Windows 8 now available, Windows 7 will be cheap - and it's a LOT better than Vista.

You could keep your system cleaner than the Queen's bathroom and have no software installed on it ever, Windows Vista will find a way of clogging itself up and running like a dog again within the week.

Keyser Posted October 25, 2012

> ...................... You could keep your system cleaner than the Queen's bathroom and have no software installed on it ever, Windows Vista will find a way of clogging itself up and running like a dog again within the week.

I strongly agree with this statement

Sam Mcgoo Posted October 25, 2012

> I have had a multitude of calls from the "Microsoft Windows Help Desk", Indian call centre, and yes, it's a scam but not in the way you might think.
>
> From what I've read this is an attempt to sell you some worthless antivirus software. They do this by highlighting any red x's and warning messages in the Event Viewer system log. Anyone who knows anything about PCs will know that no matter how clean your system is these red x's will show up; they are nothing more than simple system errors.
>
> However, this could be a new scam as I just tell them to (insert profanity here) when they phone these days.
>
> Pete

I had read something similar, and Caroline did say that they were showing her all the 'problems' on screen and towards the end of it asked how long she wanted to be protected for, trying to sell her protection. I just hope that's all it was. But I can't help wondering what information they could have gained while all this was going on. It was my old laptop and had a lot of financial documents/info still on it.

> I'm actually with JetSet on this - the scam is to sell you crap - doesn't stop them loading other bits though - one of our clients who recently fell for the same call had GoToMyPC installed and running on the system - this is not a virus so won't come up with a virus or malware scan but does mean they can log into your PC anytime - and a static IP or dynamic makes no difference....so as Chesterfield says, to be sure, format and reload.
>
> @Sam - If it's a laptop the Vista code should be on the bottom with the licence. Some laptops have a restore option, F8 or similar on startup; this should wipe the hard drive and restore it to the day you bought it, so when turned back on you will be asked to set it up again (make sure you have backups). If you have the licence codes but no restore option or install disks, drop me a PM, I can get you a copy of most versions to reinstall from.
>
> If you have a disk image style backup from before the hack then this should be safe to restore from.

Thanks Chris for the info and offer. I found a set of recovery disks and it turns out there was a recovery partition so I have restored it to factory. I'm now just waiting for the 81 important Windows updates to install.

> Or take the opportunity to upgrade to Windows 7 (check your system is compatible). With Windows 8 now available, Windows 7 will be cheap - and it's a LOT better than Vista.
>
> You could keep your system cleaner than the Queen's bathroom and have no software installed on it ever, Windows Vista will find a way of clogging itself up and running like a dog again within the week.

I might just do that. I have Win 7 on my new lappo and it is far easier to use and does seem a lot quicker.

sMMAshzilla Posted November 6, 2012

I've had loads of these phone calls. Never fallen for it, but it would be easy to do so, especially if you did the "Send error report to Microsoft" just a day or 2 before.

I use Windows 7 at work, and it's so much faster than XP and Vista. I mean starting up a PC in 30 seconds used to be the thing of dreams not so long ago.