Hi, I’m not a coder etc but I’m not a complete noob with computers.

My FIL has apparently been scammed / hacked by some shithead (according to wife) who has apparently managed to get control whenever he turns his laptop on. I don’t know much more than that right now. The situation is pretty shityy because the poor old man lost EVERYTHING in recent flooding; all possessions, personal documents etc. He was given this laptop to help him get his life back together, personal admin etc.

He’s actually an OG coder and mathematician but is old enough to be vulnerable to the crap that these scum pull on the unsuspecting.

I’m wondering if there’s a way (rubberduck?) to quickly delete teamware etc as soon as the pc boots. Not sure how much admin control he has anymore.

Is there a safe mode (?) way of getting back control / kicking external admins?

Many thanks for any advice.

  • @skizzles
    link
    101 year ago

    Try using a USB boot stick to boot into Linux and just save whatever you need from the machine and then reformat it. Since this way the machine won’t automatically connect to Wi-Fi and potentially cause more issues.

    That’s the quickest, simplest way without needing to try to diagnose and dig into the system to see what is affected and trying to fix it.

    Also what is the computer doing when it boots up? There’s not really enough information being given to be able to provide any other advice.

    • @[email protected]
      link
      fedilink
      31 year ago

      Yeah, even if you’re extremely knowledgeable with computers I do not recommend trusting the OS (or sometimes the whole device) after it’s been compromised. Back stuff up, wipe, reinstall.

      That or have a fresh drive installed and then a clean OS, then pop the old one on a USB enclosure and grab just what you need from it. Beware that a really nasty hacker could have invented remaining files with Trojans/malware so definitely re-download any installers rather than using the stuff from the old drive.

    • @[email protected]OP
      link
      fedilink
      31 year ago

      Thanks, we might give that a go. I don’t really know what else is happening, TBH. I only heard about this briefly last night. Apparently my FIL is now being “stalked” and he’s had to change phone number etc.

      • @skizzles
        link
        31 year ago

        Hopping on a live USB to recover files is your safest option.

        It will also give you an opportunity to scan files (with something like clam av) while running from a system other than Windows, so you’re less likely to encounter any further infections. Not that Linux can’t be infected, it’s just much less likely and you’d be running from a flash drive and off network anyway so it’s about as safe as you can get.

        You would need to connect the live USB to the Internet to install clam av on the USB stick or something similar, but that can be done while using a separate machine before actually plugging into the affected machine.

        I can’t really offer any advice on using any software for scanning as I keep personal things on separate drives segregated from the network so if something ever did happen I’d just wipe and start over.

        May be a good idea to take though. Get him a USB drive that he can store files on and disconnect when he doesn’t need it.

        Just some thoughts from someone that works in desktop support and has been tinkering for a little over 20 years.

        Good luck!

    • @RubberElectrons
      link
      English
      61 year ago

      This works, even if you disconnect your home router temporarily.

      I’d strongly recommend using an external boot disk to save your important documents. Beware of any zips or executables within those directories you’re backing up, they also may have been modified. You can also just pull the hard drive out and stick it into a USB hdd adapter and plug it in like it’s a regular flash drive. Again, be careful or you may infect your personal system as well.

    • @[email protected]OP
      link
      fedilink
      21 year ago

      This occurred to me as I typed the original query. I wonder how much control the guy has and whether we can even get into the files.