SOLVED Victim of Security Scam

Joined
Sep 16, 2009
Messages
19
Reaction score
6
One of my elderly friends has fallen victim to a telephone call security scam.

She was told they had detected problems on her laptop - but because she had indeed been suffering from slow internet access she thought it was her service provider. After being shown all the red markers and yellow warning triangles in the event log she was suckered into downloading some software to give them access to the computer.

After several minutes demonstrating all the problems they had "found" they asked for £65 to rid it of problems, she refused to pay and put the phone down.

Today when she switched the computer on it booted to a warning screen stating that all her files had been deleted - or some such message. It does not boot to her desktop and does not respond to mouse or keyboard inputs. Fortunately she assures me she does not have any personal stuff stored on the computer or use it for banking etc. But she is distraught that she may have lost all her photos, personal correspondence to friends and family and her collection of music.

I have asked her not to switch the computer on again and I will collect it from her on Friday to see what I can do.

The question is - what can I do?

I know enough about computers to remove the hard drive from her laptop and mount it in an external enclosure to be able to look at it from a spare Win7 computer I keep for playing around with. I have no worries about infecting my spare computer with malware - I will reformat the hard drive and use Acronis to recover its hard drive from a safe back-up after I have finished playing with the infected laptop hard drive.
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Wish I could help. I've not run across this myself to know what your options may be. I could Google some results, but I'm sure you are quite capable of that yourself.

Good luck in your quest to find an answer.
 
Joined
Sep 16, 2009
Messages
19
Reaction score
6
Our friend Christine visited today and brought her crippled laptop. I spent the day trying to rescue it.

It booted up to a black screen displaying a small window which said "This computer is locked and cannot be used until you enter the password which we will provide upon payment of our technical assistance fee. You are allowed 5 attempts after which the hard drive will be deleted and cannot be recovered". There was a box awaiting the entry of the password.

This is not the same display of CryptoLocker - or any other ransomware info I found on Google search.

Trying to boot into safe mode didn't work - the computer still stalled at the Ransom screen so I was not able to use a ransomware removal tool.

I then booted the computer with an Ubuntu disk which looked promising. The directory tree of the hard disk could be seen with the various sub-directories - but they were all empty. Looking at properties you could see the size occupied by each directory but not the number of invisible files it contained.

I then removed the hard drive and mounted it in an external USB drive connected to my spare Windows 7 PC.

I was surprised to see that the directory tree was visible in Windows Explorer complete with the files - but the files wouldn't open without me first taking ownership of them one by one.

Having done that with all her valuable documents, pictures and music, I copied them all to a spare 128 GB SSD to keep them for later use.

Rather than spend countless hours messing with the disc to try and get Windows and her software working - and realising that there was something really nasty hidden on there - I decided to format the disc, create two new partitions C and D and reinstall Vista from the Notebook's recovery disc which fortunately she had retained.

I then moved her documents, music, pictures, downloads and favorites folders to the D drive and copied across all her valuable data. Then I set up the internet, Malware protection, downloaded her most used software and got it all working. Her son is capable of getting her iTunes and Skype installed and working.

I have told her that she will not get the Notebook back until she buys an external hard drive for taking regular backups. I am taking her to PC World tomorrow to buy a 1TB Seagate portable USB hard drive. I have a spare licence on an older version of Acronis I no longer use. I will install Acronis and then show her how to take weekly backups.
 
