My Grandad was having trouble logging into his Gmail account yesterday. He managed to find and call the "Google tech support helpline", who claimed to be from Google and claimed that his account has been hacked several times and they needed to remote access into his computer to "clean out the viruses". They also told him to leave his machine on for the rest of the day while they were connected through remote access so they could continue their work.

They said they would call again today to continue the "work" and sort out his issues with logging in to his account and provide him with a bill for their services. I'm surprised they didn't try and bill him yesterday, which makes me think they won't call today and their aim was simply to infect his machine.

Luckily, he contacted me about this and I've told him to leave his computer off for now and not to get in touch with them again.

The question is, what would be the best way to secure his computer now? I expect a simple "Reset Windows" from within his computer won't be enough to ensure that there is nothing malicious remaining on his machine - considering the attackers had remote access.

I believe he upgraded to Windows 10 from a previous version so he doesn't have a licence key - if I reinstall from a clean Windows 10 installer made from another machine, will it recognise his hardware and automatically activate Windows?

There's also the files - he has a large amount of music and photos which would need to be recovered (no backups available). Would an antivirus scan from a Linux machine suffice?

texasflood
  • The fact that he called them and not the other way around makes me much less suspicious about them being harmful. I would run Malwarebytes to look for anything bad and go through add-remove programs to see anything new installed that does not belong. Scammers are usually the ones that call, not wait for business to come to them. – LPChip Jun 12 '20 at 07:05
  • @LPChip It's a positive sign, but a quick Google of the number he called (0800 0465071) shows a large number of posts on various social media sites claiming to provide technical support on everything from Xerox printers to AVG antivirus. It is an unconventional mode of attack, but I am sure they are malicious (https://who-called.co.uk/Number/08000465071), given the remote access. If they had remote access, why would they stop at installing a small bit of malware? Especially as they told him to leave his machine connected for the rest of the day with remote access enabled. – texasflood Jun 12 '20 at 07:19
  • Yeah, that is a good point. Then again, they may be legit. I can't tell for sure given I'm not from your country. Deleting the partitions and installing Windows from scratch is definitely going to get you a fresh start with no residual traces though... but you should make backups first. – LPChip Jun 12 '20 at 07:22
  • If you don't trust them & they had unsupervised access all day, the **first** thing to do is change passwords for **everything** that could have been accessed from that machine. – Tetsujin Jun 12 '20 at 07:26
  • @LPChip Check this out https://who-called.co.uk/Number/08000465071 – vssher Jun 12 '20 at 07:30
  • @vssher that link is not accessible to me. I think it only works for people in the uk. – LPChip Jun 12 '20 at 07:33
  • @LPchip I am in South Carolina, U.S.A. Peace... ;-) – vssher Jun 12 '20 at 07:39
  • Then I don't know why it doesn't work. – LPChip Jun 12 '20 at 07:53
  • @LPChip Thanks, yeah I think that's what I'll do, but I'm just wondering whether once I've deleted everything and reinstalled Windows from a separate copy - will Windows be activated? As he doesn't have a licence key – texasflood Jun 12 '20 at 08:28
  • @Tetsujin Yeah good point, I've told him to do this already from his mobile – texasflood Jun 12 '20 at 08:29
  • For people who can't access the link - it basically has a few posts which say things like "supposed avast support team... scam" and "probably it's a fake support number". There are also a couple of messages that say something like "best technical toll free number for uk users" which I imagine are from the scammers themselves – texasflood Jun 12 '20 at 08:32
  • **Your grandfather called a fake Google technical support.** Google doesn’t offer technical support. Windows 10 supports Fresh Start; I highly recommend it. Back up important files before you use it. **A Windows 10 license key isn’t required to reinstall Windows 10.** I flagged this question as a duplicate of a similar question; in the answer to that question, I explained the process to reinstall Windows 10. I actually recommend Fresh Start or Reset if you are able to walk him through the process[.](https://superuser.com/questions/1256581) – Ramhound Jun 12 '20 at 09:42

1 Answer

You can make a Windows Defender Offline USB stick from your computer. Just pick the right 32- or 64-bit kit: https://support.microsoft.com/en-us/help/17466/windows-microsoft-defender-offline-help-protect-my-pc Then go and scan grandpa's PC. I would make a clean install (the upgrade to Windows 10 gives you a digital license which reactivates itself once connected to the internet) and set new passwords and just copy the needed files (music and photos). If you decide to do so, then download the ISO from https://www.microsoft.com/en-us/software-download/windows10ISO using a Linux computer or, if from Windows, then in Firefox go to

about:config

and change/add "general.useragent.override" to "Mozilla/5.0 (Android 4.2.2; Tablet; rv:47.0) Gecko/47.0 Firefox/47.0"; then, if you access the above link, you can download the needed ISO. Again, take care to select the correct Home or Pro edition; bitness doesn't matter.

To put the ISO on another USB stick, use Rufus or follow this link: https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/install-windows-from-a-usb-flash-drive

user2380383
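
For the "just copy the needed files (music and photos)" step in the answer above, an added example (not part of the original answer): a Python script that copies only allowlisted media types from the old drive, mounted on a clean machine, and reports files whose leading bytes do not match their extension. The extension list, the signatures and the names `classify` and `rescue` are assumptions of this example, and it is meant to run alongside the antivirus scan, not instead of it.

```python
import shutil
from pathlib import Path

# Leading-byte signatures for the media types we are willing to rescue.
# Constructed allowlist for this example; extend it for other formats.
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
    ".flac": [b"fLaC"],
}

def classify(path: Path) -> str:
    """Return 'copy', 'skip' (not allowlisted) or 'mismatch' (content != extension)."""
    sigs = SIGNATURES.get(path.suffix.lower())
    if sigs is None:
        return "skip"
    with path.open("rb") as fh:
        head = fh.read(16)
    return "copy" if any(head.startswith(s) for s in sigs) else "mismatch"

def rescue(src: Path, dst: Path) -> dict:
    """Copy allowlisted, signature-checked files from src to dst, keeping layout."""
    report = {"copy": [], "skip": [], "mismatch": []}
    for path in sorted(src.rglob("*")):
        # Never follow links out of the old drive; only regular files count.
        if path.is_symlink() or not path.is_file():
            continue
        verdict = classify(path)
        rel = path.relative_to(src)
        report[verdict].append(rel.as_posix())
        if verdict == "copy":
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(path, target)  # file data only, no metadata
    return report

if __name__ == "__main__":
    import sys
    result = rescue(Path(sys.argv[1]), Path(sys.argv[2]))
    for verdict in ("mismatch", "skip"):
        for name in result[verdict]:
            print(f"{verdict}: {name}")
    print(f"copied {len(result['copy'])} files")
```

Files listed as `mismatch` stay on the old drive for manual review; an MP3 with an unusual header can land there as well as a renamed executable.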