Mother-in-law fell for a "Windows support" scam. Can I save her laptop?

0

My mother-in-law fell for a Windows scam. Apparently a window popped up telling her that her computer had a virus, and she should call this number where they would clean it up for her. To cut a long story short, she gave them her credit card number and enabled remote access.

Credit cards have now been cancelled and we're going to (on another computer) change mother-in-law's password for every web service.

The laptop is now shut down and in my physical possession. I do not want to boot it up: they could have installed anything (trojans, keyloggers), which even Avast may not be able to defend against, right?

My plan is to remove the hard drive, mount it on another machine, and copy off any important files.

After that, what's the safest way of resurrecting it? Can I reinstall Windows on the drive without first booting it up? Or is it safe to boot up for the sole purpose of initiating a factory reset?

What other steps should I be considering?

Graham Borland

Posted 2016-05-21T20:56:22.820

Reputation: 321

Question was closed 2016-05-23T11:36:29.453

Just don't let Windows load up and do the factory reset with the built-in functionality from the BIOS, etc. Or boot to the Windows CD, wipe the drive, then reinstall Windows. Otherwise, boot it up with no Internet access if possible and then select the options you need to do the factory reset. The factory reset should wipe everything clean but I personally wipe everything from the entire HD and install fresh everything after a full format. – Pimp Juice IT – 2016-05-21T21:04:16.450

2 Clean install Windows 10 – Moab – 2016-05-21T21:11:09.550

May I suggest; once the machine is back up and running do a Windows Image Backup and save that to a dedicated hard drive that is left unplugged unless needed to restore the PC, should that be necessary in the future. And of course, also create a Recovery Boot drive and keep that in a safe place! Also learn which Function key to press when booting over that boot drive, check your pc maker for that info! – the original mike western – 2016-05-21T21:30:07.903

1 The likelihood of the files being encrypted is very high – Ramhound – 2016-05-21T23:03:21.870

Answers

0

Your plan sounds reasonable. If you can mount it as a non-system drive, you reduce chances of malware propagating. As was mentioned, there is a likelihood the files and/or OS have been encrypted. If so, investigate the various types of ransomware that have been cracked, e.g. Petya, CryptoLocker or other known type; perhaps it can be salvaged.

In any event, salvage any documents you can, but abandon any executables.

Finally, if it were my drive, I would then completely format it and put on a new OS from scratch. If you can obtain valid Windows installation media, reinstall from that. However, when a friend fell victim to such a ransomware scam, after I showed him how user-friendly Ubuntu was, and how similar to his previous Windows OS, he felt comfortable switching to that Linux flavor. Ubuntu also comes with LibreOffice suite, Thunderbird and Firefox, so if your mother likes those applications, it is far faster to install than Windows plus MS Office.

DrMoishe Pippik

Posted 2016-05-21T20:56:22.820

Reputation: 13 291
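
An added example, not part of the original answer: one way to apply "salvage any documents, abandon any executables" when the drive is mounted on another machine. The extension allowlist, the function names `classify` and `salvage`, and the two path arguments are assumptions made for this sketch; it also skips files that carry an executable header under a document extension.

```python
import shutil
import sys
from pathlib import Path

# Assumption: an allowlist of document/photo types worth salvaging; adjust as needed.
DOC_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
            ".odt", ".ods", ".jpg", ".jpeg", ".png", ".csv"}
# Leading bytes of executable formats: Windows PE/DOS ("MZ"), ELF, "#!" scripts.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")

def classify(path: Path) -> str:
    """Return 'copy' for a plausible document, otherwise the reason to skip it."""
    if path.is_symlink() or not path.is_file():
        return "skip: not a regular file"
    if path.suffix.lower() not in DOC_EXTS:
        return "skip: extension not on allowlist"
    with path.open("rb") as fh:
        head = fh.read(4)
    if head.startswith(EXEC_MAGIC):
        return "skip: executable header under a document extension"
    return "copy"

def salvage(src_root: Path, dst_root: Path):
    """Copy allowlisted documents from src_root to dst_root.

    Returns (copied, skipped): relative paths copied, and (path, reason) pairs.
    """
    copied, skipped = [], []
    for path in sorted(src_root.rglob("*")):
        if path.is_dir() and not path.is_symlink():
            continue  # real directories are recreated on demand below
        rel = path.relative_to(src_root)
        verdict = classify(path)
        if verdict == "copy":
            target = dst_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # file contents only, no metadata
            copied.append(rel.as_posix())
        else:
            skipped.append((rel.as_posix(), verdict))
    return copied, skipped

if __name__ == "__main__":
    # Usage: python salvage.py <mounted-drive-folder> <destination-folder>
    done, left = salvage(Path(sys.argv[1]), Path(sys.argv[2]))
    print(f"copied {len(done)} files")
    for rel, why in left:
        print(f"{why}: {rel}")
```

The skipped list is worth reading before the drive is wiped: files renamed by ransomware fall outside the allowlist and show up there. A file that passes this filter is only not an executable; scan the copies before opening them.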