Microsoft Scam issues!

Turns out my dad has taken a call from India this morning and they've had him go through the steps on the PC to show error messages etc (classic scam stuff) and they then installed some kind of remote access software which they were in the middle of using when I came in and told him to hang up and turned off the PC!

Now the issue I have currently is that I've restarted the PC without the network cable plugged in just in case and it's now asking for a Windows login password - when that PC never had one ... it just goes straight to the desktop.



Does that look like something the person on the phone might have installed to lock the PC as some kind of ransom?
 
If they haven't set an admin password you can boot into safe mode, then log in using the admin account and reset any password set from there. Assuming they've used the standard Windows account password feature.
 
I rebooted into safe mode and the same thing happens - that image is in fact from safe mode.

So it doesn't appear as though we can get into the PC at all at the moment :/
 
I would want to do a format anyway, who knows what he downloaded.

Don't suppose his files are even backed up on SkyDrive or similar either.
And upgrade his OS anyway, it's not the most secure these days and he needs his OS locking down if he fell for these things, far more options on newer OSs.
 
Chuck Linux Mint on a disc and boot from that to recover his files onto a USB hard drive (or similar).

Then reinstall Windows, this type of SAM password is not worth trying to fix imo, it can just screw your accounts up big time.
 
Cheers guys - I'd forgotten about the Linux on a disk option - will get straight on that to back stuff up!

He has an external HDD that has various things backed up to it so not the end of the world but there are still some bits and bobs that would need pinching off the borked install.
 
Sheesh, I didn't know this scam was still around. My Mum almost fell for this but I managed to stop it before any major damage was done...

But yes, I would suggest using Linux to back up, then do a complete fresh install. Who knows what the scammers did to the PC... The real question is, did they charge your Dad for "security software"?
 
Thankfully no financial details were exchanged so that's a non-issue but they had apparently started explaining the various options for 3 and 6 years cover plans so it was close!

Just downloading Linux Mint now - I do have a copy of Slax on disc somewhere but it's very old now so might as well get this newer version of Mint.
 
Just boot off a Hiren's Boot CD. Reset the password of the administrator account and then log in with this.

Remove any other user accounts which don't look correct. Also uninstall any software you're not sure about from Add/Remove Programs.

Then run Malwarebytes and Combofix to remove any remnants of viruses/spyware.

No need to rebuild.
 
I would go for the Hiren's Boot CD option as well. There's a couple of programs on it that will find the admin password, or allow you to reset it.

Once reset, you can log in as admin and reset (or remove) the passwords on the other accounts.

Then I would get what files/data you can, and nuke that install from orbit.
 
Could do with people submitting details to something like Watchdog so it gets exposure on TV. As too many people fall for it.
 
Will look into this Hiren's Boot CD thing for backing up / restoring things but dad went and bought a new Windows 8 PC - more out of guilt than anything else I think hahaha - means I can clean up the old PC and sell off the parts :p
 