Internet scammer accessed my Nan's computer remotely and changed her password - what are my options

Rhys_C

Hi I hope you can help me.

A few days ago my Nan (in her 80s) was cold called by "Microsoft"... and she let the scammer have access to her PC via remote control. At this point she rang me and I told her it was a scam. By the time I got over to her house the scammer had changed her Windows 7 password and locked her out of her own machine.

She only uses her Windows 7 computer to email friends and save photos.

What are my options here? My initial thought would be to format her hard drive but she will lose any saved photos. (there are no backups)

She only has one admin account on her computer and it originally had no password required to log in as she kept on forgetting it (bless her)...

Is there anything I can do to gain access to the machine? Or is my only real option to format everything? I don't have any Windows 7 install discs or any activation codes, so if I do format the PC will I need to buy a new OS licence?

Thanks..

TL;DR My 80+ year old Nan almost got scammed, but before they took money from her they changed her Windows 7 PW and locked her out. What can I do?
 

USAFRet

1. Unplug that PC from any online connection. Do this now.

2. From a known clean PC, change ALL of the passwords that have ever been used on that system.

3. A full wipe and reinstall is what is needed on this compromised machine. No other option.

If you have another PC, and maybe a USB SATA dock, you could take the drive out of the compromised machine and save off any pictures.

But that machine or drive must not be connected to anything online until it is wiped clean and reinstalled.

4. This is the time most people start thinking about actual backups. 5 minutes after they really need it.
 

gareththegiant

First thing, unplug it from the network or take out the wireless card so even if you turn it back on the scammer will have no access.

If you have one of these

https://www.amazon.co.uk/dp/B075ZF845X/ref=sspa_dk_detail_0?psc=1&pd_rd_i=B075ZF845X&pf_rd_m=A3P5ROKL5A1OLE&pf_rd_p=4626924922328453483&pf_rd_r=Z8R1VS0565NXQX4R7NEC&pd_rd_wg=xDj2W&pf_rd_s=desktop-dp-sims&pf_rd_t=40701&pd_rd_w=zNzen&pf_rd_i=desktop-dp-sims&pd_rd_r=9f521450-5829-11e8-96d1-59781180b59c

you can plug her drive into your PC easily, then access all the files and copy her pics etc. Then to be safe I would format and rebuild. Does her PC case have a Windows activation code on it on a sticker? If it does you can reuse this.
 

Evvvvv



First thing you do is remove the internet connection.
https://answers.microsoft.com/en-us/windows/forum/windows_7-security/locked-out-of-my-computer/054af69f-a5bf-4115-9b87-02379db48475
then read this
 

Rhys_C



Thanks for the reply.

Regarding point 1: the first thing I did was remove all network connections and power from the machine. It hasn't been turned on since.

Point 2: Please can you elaborate? Do you mean from a clean PC (my one at home for example) change any passwords to any sites that she may have logged into?

Point 3: In regard to taking out her HDD, could there be any risk to my own machine if I was to connect this HDD to my PC and try to retrieve data? Are there any "safer" ways to do this?

Point 4: I personally follow the 3 2 1 backup rule with important data. I will have to start backing up my Nan's data in the future.

Once again thanks for the information.
 

USAFRet



1. OK

2. Yes. From some other machine.

3. That's why I recommend a USB SATA dock. That drive gets connected only after the good system is actually running. Whatever may be on the affected drive never has a chance to run.
Of course, you need to be REALLY careful about what stuff you access and copy from it.
If there is nothing really, really critical on it...skip this step and just proceed to a full nuking of the drive and reinstall.
 

gareththegiant



2. Yes, change all the passwords that she will have used from that PC. Can't be too safe.

3. There is not really a safer way. Make sure the PC you plug it into is disconnected from the internet and run a virus check once you have finished.

 

Rhys_C





> Thanks, I'll read into it. Only issue is at first glance I have no discs at all, no installation DVD or recovery discs.

> Does her PC have an activation key sticker on it?


I will have to open the machine and look for an activation code. The PC was prebuilt when she purchased it so fingers crossed!

 
My 80 year old dad did the same thing. Make sure she calls her bank and puts a hold on any online transfers. She may want to close out or have the bank change her checking and savings accounts if she does online banking. Pull up a free credit report from all three credit reporting people. Pay for a credit block on the account... don't want them to make new credit cards in her name.
 

Rhys_C



Thanks, I got her to call the bank straight away; she also reported it to the police cyber crime. So fingers crossed, if any financial information was stolen this will be stopped.
 

Rhys_C



If I was to use the USB SATA dock to access the drive, what exactly would I see? What I mean is, as the hard drive would be her OS boot drive and also a storage drive, will I be able to copy the photos that are saved here to my own PC? Sorry for my vague questions, I haven't used a dock like this before.
Thank you
 

USAFRet



That drive would appear as just another drive letter.
D, E, F...You'd access it in File Explorer just like any other secondary drive.

To access the pictures and folders they live in, you'll probably have to Take Ownership. This is due to those things being under the original NTFS user account.
https://technet.microsoft.com/en-us/library/ff404240.aspx
 

Rhys_C



That's great information thanks for this!
Just an idea, what would be your opinions of slaving this HDD? Would I be able to recover data this way? Also, doing this, is there a risk to my PC?
 

USAFRet



"slaving"?
Do you mean cloning it? If so...DO NOT DO THAT.

You ONLY want your Nan's personal docs and pictures. Everything else is suspect and needs to be deleted.
Even the pics and docs are suspect.

If you meant something else with "slaving", please elaborate.
 

Rhys_C



Yes you are correct thanks for this.

OK, just a final thing: so from your help, what I need to do now is to buy a USB SATA dock, insert the corrupt HDD and take the data off. Then with a new HDD run a fresh Windows install and scrap the old one. Is there anything else you would recommend?

Thanks
 

USAFRet



If you're going to dispose of the old drive...Fridge Magnet Donor!
Then toss the remains.
 
The way I deal with suspect drives is to boot them off a Linux Live disk, with the main drive unplugged (if you don't have a second junk system to use), and attach the drive you are working on with a USB dock. That way, there is nothing to infect and you can copy the files over. Then you can run a virus scan on them using that same boot disk. You would need a second USB drive to copy the files to.
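
An added example, not part of any post in the thread: one way to follow the advice above to take only personal pictures and documents off the suspect drive and treat everything else as untrusted. It copies a file only when its extension is on an allowlist and its first bytes match that file type, so executables and mislabeled files stay behind. The allowlist, function names and sample tree are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Allowlist (assumed): extension -> byte signatures a genuine file starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def salvage(src_root, dst_root):
    """Copy allowlisted files whose content matches their extension.

    Returns (copied, skipped) as lists of paths relative to src_root.
    """
    src_root, dst_root = Path(src_root), Path(dst_root)
    copied, skipped = [], []
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # never follow links that point off the suspect volume
        rel = path.relative_to(src_root)
        sigs = MAGIC.get(path.suffix.lower())
        ok = False
        if sigs:
            with path.open("rb") as fh:
                ok = fh.read(8).startswith(sigs)
        if ok:
            target = dst_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # file contents only, no metadata
            copied.append(rel.as_posix())
        else:
            skipped.append(rel.as_posix())
    return copied, skipped

def demo():
    """Run salvage() over a constructed sample tree (not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "suspect"), Path(tmp, "rescued")
        (src / "Pictures").mkdir(parents=True)
        (src / "Pictures/beach.jpg").write_bytes(b"\xff\xd8\xff\xe0JFIF")
        (src / "Pictures/holiday.jpg.exe").write_bytes(b"MZ\x90\x00")
        (src / "Pictures/garden.jpg").write_bytes(b"MZ\x90\x00")  # mislabeled
        (src / "helper.bat").write_bytes(b"@echo off")
        return salvage(src, dst)
```

A matching signature only shows the file is the type it claims to be, so the copied files still need the virus scan the posts recommend. Review the skipped list by hand for anything worth rescuing that the allowlist does not cover.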