GRcade

I've had a call from my sister's family... to cut a long story short, they've been taken in by a computer scam.

> They bought a copy of Norton security software and, in trying to locate the Norton setup site, clicked on a fake Norton site
> They keyed in an address and phone number because they thought they were creating an official Norton account and - surprise! - someone immediately called offering to "help them set it up"
> Within moments this chap claimed that their "ip address has been hacked" and they should pay a fee of £400 to get it resolved and have "a five-year Norton protection plan"

.

Thankfully my sister called me and I told her to put the other phone down on the guy. I'm gonna go over and check it out tomorrow because it sounds like the guy gained remote access to the computer. Luckily it was a new laptop so no personal info was on the machine.

So... I've got to try and establish if any dodgy software or access has been setup on the PC. Would I be right in thinking that, providing I can correctly install the Norton software, I could then run that to determine if there is anything suspicious on it? Or is there a risk that an installed programme could track me setting up the Norton software / account?

Do it in safe mode and you should be ok. Run several different scans as well

Hyperion wrote:Do it in safe mode and you should be ok. Run several different scans as well

Good shout, Hypes - I'd forgotten about Safe mode - just checked and I hold down the Shift key whilst restarting the PC. Thanks, dude.

Tell them to stick with Microsoft Security Essentials and McAfee Site advisor. Both free and all you need. Neither slow down your computer either.

Yeah, that as well. Certainly don't extend the Norton subscription

Norton is garbage, if you need any help at the time ask Jawa. A few of us are in IT Support and should be able to lend a hand!

Just thinking here, but if it is a totally new PC why not just re-format? Although that might not help if they installed a rootkit.

Is it a branded laptop like HP or Acer or something?
If so and it's brand new then use the manufacturers built in system restore function. That'll totally wipe and reinstall the OS, so you don't need to worry about leftover software.

I'm gonna take a wild guess and say Currys PC World? They're mad on attaching Norton to new PC/Laptop sales.

Hi, all - wow, thanks for all the tips and advice!

I used to be "into" PCs but, since switching to a Mac about nine years ago, my PC knowledge has become a little rusty .

The computer is a laptop, second-hand from laptopsdirect.co.uk. I believe it has been supplied only with Windows 10 installed. I must admit that I suggested getting Norton (it was only £19 from Amazon) as I wasn't sure if any of the free options were reliable. I wanted something easy to use as my sister's family are not techies at all! When I visit I'll see if there is a restore disc (albeit I don't recall my sister mentioning one) and, if not, explore teh system restore function.

I appreciate all the tips - and the messaged links from Jamm-Master Jay! - and if I get stuck I'll pop back in here . I *think* I'm gonna be checking it out late tomorrow afternoon.

Cheers, chaps!

Maybe try to go back to a restore point if nothing is on it yet? This will already be there, no disc needed. Also, let Windows Defender do a scan.

Reinstall Windows if possible. You can never be sure of getting rid of a virus, so if the PC's new why take the risk?

Thanks, Deaths and Karl... yeah, I will explore what reset / restore options are available. I will hopefully be able to find my way through the problem, but it's amazing how operating systems are still too complex for your average non-techie person!

Os installs are easy, and msoft have a utility to make the boot media etc. You then boot to it and it's practically next next finish nowerdays.

Just make sure you have the key they used or you may have activation issues.

If it's a brand new computer just flash the whole thing back to factory condition. Just access the UEFI/BIOS and set the boot drive to recovery (most laptop manufacturers create a recovery partition with a copy of the ISO) and then boot into that, which should run a clean install.

Meep wrote:If it's a brand new computer just flash the whole thing back to factory condition. Just access the UEFI/BIOS and set the boot drive to recovery (most laptop manufacturers create a recovery partition with a copy of the ISO) and then boot into that, which should run a clean install.

You don't even need to access the UEFI/BIOS for manufacturer restore partitions, It's usually just a key during the boot up. Often F11/F10 or something they've added to the standard F8 boot menu.

Doesn't Windows 10 have a built-in facility to reinstall Windows?

rinks wrote:Doesn't Windows 10 have a built-in facility to reinstall Windows?

Good point

Errkal wrote:

rinks wrote:Doesn't Windows 10 have a built-in facility to reinstall Windows?

Good point

I may go for that option... but it depends on what other software has been installed by the seller. It looks like I may not be checking it out this afternoon - more likely to be tomorrow. I'm readying mysef for battle with techie challenges!

MSE runs by itself and requires no intervention at all Jawa. It has like 4 buttons.

The thing about Norton is its not just a cost it's a yearly cost. Over 5 years that's £100

Okay, I'm working to restore the PC. Boy-oh-boy!

> The scammer had setup a boot password so I couldn't get past that
> I reset the machine whilst holding down shift to access the reset windows option
> I started the reset option but the TPM (Trusted Platform Module) reported that some personal file data had been encrypted
> I elected not to delete the data because I am wary that system files had been encrypted
> Windows 10 is currently being re-installed (slowly)

I fear that the scammers files may still be on the machine, judging by that TPM issue. I will have to check this once the Windows install has finished. I'm thinking that, if the scammer's files are still on it, I'll have to re-start the whole process and select the TPM's delete option?