Sister call the number

Status
Not open for further replies.
my sister got one of the infected pop ups. She called the number and they remoted it. When they asked for money she hung up. Then she calls me.

So i am not sure exactly what to do to help her. i assume that when they remoted it they put something in it. not sure though. i told her to change all her passwords and stuff from her accounts etc. told her to do a scan with defender and nothing came up.

anyone knows what happens in these situations and how to rectify it on her computer if needed?

thanks
 
They could have done anything after she let them remote in. You couldn't even enumerate everything they could have done that we know about or don't know about. What happens next depends on how the machine is used.

If she does anything even remotely sensitive where she stores or sends sensitive information or PII (Personally Identifiable Information), there's no way to trust anything that happens on that machine any more. Once it's contaminated, it's contaminated, sorry. The only safe option is to disconnect it from the internet, back everything up and nuke it from orbit and start over with a fresh install of the OS. It sucks but it was stupid of her to believe a pop-up so it's a lesson learned.

Anything less is rolling the dice. If this were a machine on a corporate network for example, nobody's taking that chance of rolling that dice if an incident like this occurs.

Also in order for them to have remoted in, they either installed something or, depending on the OS, they had her turn on the ability to remote if she had it off (but she probably left it as it was; on by default). She should probably turn that off if she's not nuking it.

Their primary goal was to make money by tricking her into "buying" unnecessary services, but who knows what else they have as a backup plan?
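
For the case raised in the post above where the machine is not wiped, this is an added example (not part of the original post) of a read-only check of the built-in remote-access settings plus a listing of installed programs and auto-start services that look like remote-support tools. The keyword list in `$pattern` and the helper name `Get-RegValue` are assumptions made for illustration.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

# Remote Desktop is off when fDenyTSConnections = 1.
# Remote Assistance is off when fAllowToGetHelp = 0.
[pscustomobject]@{
    fDenyTSConnections = Get-RegValue $ts 'fDenyTSConnections'
    fAllowToGetHelp    = Get-RegValue $ra 'fAllowToGetHelp'
} | Format-List | Out-Host

# Assumption: loose keywords that tend to appear in remote-support product names.
# Expect false positives; review each hit by hand.
$pattern = 'remote|support|assist|viewer|desk|vnc'

# Installed programs, per-machine (64- and 32-bit) and per-user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Sort-Object InstallDate -Descending |
    Format-Table DisplayName, Publisher, InstallDate -AutoSize | Out-Host

# Services that start with Windows and match the same keywords.
Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and
                   "$($_.DisplayName) $($_.PathName)" -match $pattern } |
    Format-Table Name, State, PathName -AutoSize | Out-Host

# To turn the built-in features off, uncomment these two lines:
# Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
# Set-ItemProperty -Path $ra -Name fAllowToGetHelp -Value 0
```

An empty result only shows that nothing matched these keywords; it does not show the machine is clean, which is why the post treats anything short of a reinstall as rolling the dice.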
 
Originally Posted By: WhyMe
my sister got one of the infected pop ups. She called the number and they remoted it. When they asked for money she hung up. Then she calls me.

So i am not sure exactly what to do to help her. i assume that when they remoted it they put something in it. not sure though. i told her to change all her passwords and stuff from her accounts etc. told her to do a scan with defender and nothing came up.

anyone knows what happens in these situations and how to rectify it on her computer if needed?

thanks



Wipe the hard drive and do a new fresh install of the operating system.
Advise her, her friends, family members etc., if it ever happens again, don't even read the pop up, shut off the power to the computer right away by holding down the power button or just pull out the darn plug.

To teach people, ask them why they would listen to someone who randomly shows up on their computer screen and tells them to do something .. and people listen!
 
If they remoted in for real I would definitely

1) change all account passwords
2) have someone backup data if any and then wipe and reinstall operating system.

Alternatively if she wants a new computer good time.
 
oh yeah they were in her computer for sure. i am going to head over to her house later and check it out

i always thought these things happened to less educated people, but i guess anyone can fall for it. she has a master's degree and works for a large health provider, but when the popup showed up she panicked

i just hope nothing was compromised
 
depending on how aggressive/malicious they were, they could have set up syskey with a password, installed additional remoting-in software, etc. It can really just depend on the person she spoke to.
 
update

went to her house and took a look. she downloaded an app that remoted it. i deleted it and then did a wipe from the restore on win 10. hopefully that fixes any issues.

i hope that's the end of it and nothing was compromised. it was odd as there was a file that had all her email misc stuff with pw on it.
 
A family member recently fell for a scam on AOL which ended up with someone remoting in.

The guy sounded pretty much like this man:

AOL phishing page leads to fake tech support

I was recently called to the computer when the person was showing me the router password which kinda freaked me out. I bought a new router which was good timing since the one I had was on the VPN Malware list. Changed passwords. Then had her use a different computer with fresh install of Windows 7. As soon as she started reading emails on AOL she got the Infected Computer pop up message that covered the whole screen. She uses Firefox and uBlock Origin took care of the malicious pop-ups.
 
Originally Posted By: madRiver
If they remoted in for real I would definitely

1) change all account passwords
2) have someone backup data if any and then wipe and reinstall operating system.

Alternatively if she wants a new computer good time.

Change all account passwords AFTER wiping the machine.
 
Originally Posted By: Subdued
Originally Posted By: madRiver
If they remoted in for real I would definitely

1) change all account passwords
2) have someone backup data if any and then wipe and reinstall operating system.

Alternatively if she wants a new computer good time.

Change all account passwords AFTER wiping the machine.


i had her disconnect from the internet right away. then i told her to log on to accounts from her son's laptop to change all the passwords. only reconnected back to the net on the infected comp after we did the wipe and reinstall
 
Originally Posted By: WhyMe
oh yeah they were in her computer for sure. i am going to head over to her house later and check it out

i always thought these things happened to less educated people, but i guess anyone can fall for it. she has a master's degree and works for a large health provider, but when the popup showed up she panicked
There is computer savvy and not....
Panicking is never a good idea, nor believing a rogue pop-up. Far worse was actually calling the number AND giving them access to her machine. Hopefully, she'll never, ever do that again.
 