Help!!!!!!! - my 87 yr old dad got hacked!

2,590 Views | 22 Replies | Last: 1 yr ago by eric76
TxAger
Dad was working on his Ameritrade/Thinkorswim on his desktop and suddenly a pop-up appeared and said it was "Microsoft support" and his computer had been frozen due to a virus, and to call them at MS Support. He did the right thing and called me before doing anything else, but unfortunately I was on a call. While waiting for me to call back he convinced himself that it must be legit, so he called "MS Support". Of course it's a scam and they almost got him. They asked him for the first digit of his AMEX card and he gave it to them (SMH!!!). They told him China had hacked his PC and would be going for his $$$, so they wanted him to call the bank and they would help him lock his account; they would sit in on the call. Of course they would, how generous!

Anyway, his computer is now a mess!!! Screen is out of whack, large white pop-up with his first name on it, plus, according to my sister who tried to help, a huge phallic symbol! WTF!

I am going to have to go visit him to help fix this crap... what are some of the basic things I should do/try?

I plan on rebooting in Safe Mode and see if I can restore to a previous date.
If that doesn't work, I'll try installing Malwarebytes and run that. Is that recommended?

Anything else? Any help would be greatly appreciated!
FatZilla
Pulling his files to a storage drive after scanning them and doing a full reinstall of Windows is the easiest, if you have access to his MS account and any applications he has paid for. If he's still on 7, buying a new 10 license and moving him up would be the best.
DallasTeleAg
I'm sure his PC costs less than $500... buy a new computer. Tell him to stop downloading so much pr0n.
FatZilla
If you need a recommendation for a new, easy-to-use desktop that is fully equipped minus programs like Office, check out these mini-type PCs I recommended on another thread for an elderly lady. Extremely lightweight and quiet. Very little heat.

4c/8t CPU with 16GB RAM (might be overkill depending on his program use), $339 after coupon

MINISFORUM DeskMini UM350 Mini PC AMD Ryzen 5 3550H DDR4 16GB RAM + 256GB NVMe SSD Desktop Computer, HDMI/DP/USB-C 4K@60Hz Triple Screen Support, 2.5G LAN, Radeon Vega 8 Graphics Mini Computer https://a.co/dt4DyMX

2c/4t CPU with 8GB RAM, $265 after coupon

Windows 11 Pro Beelink SER3 Mini PC, AMD Ryzen 3200U Processor up to 3.5GHz, Mini Computer with 8GB DDR4 RAM / 256GB M.2 NVMe 2280 SSD, Support 4K@60Hz / Dual HDMI + 4*USB3.0 / WiFi 5 / BT4.0 / Auto Power On https://a.co/cKz9kJH

You can also set up a remote desktop to try and help him while away in the future. Google is your friend for that.
Not a Bot
He needs to leave his computer off. If he turns it on, disable internet access. Run a malware scanner from a flash drive.

Also immediately change all passwords from a safe computer.

The thing the scammers want in this situation is access to his bank account.
BenFiasco14
Quote:

a huge phallic symbol!

CNN is an enemy of the state and should be treated as such.
Rex Racer
This is why my 87 year old father does not have a computer!
satexas
Once they're in, they set up a proxy that forces all external access to route to them on the Internet.

Every second it was on after he said yes, they were downloading all of his files, mail, etc., and they go through every bit of it to exploit it and make money where possible.

Hope he unplugged fast. I've seen this happen 10x from my customer base so far.
TxAger
Finally had a chance to get out to my Dad's... so here ya go. This is what I found on his two monitors.
Too many sicko hackers out there!

Anyway, I was able to restore and run virus scanners & anti-malware; seems good to go.
I think what happened was he had McAfee and it expired, so he was running Windows with nada: no virus scanner, no firewall.
FatZilla
lol, they used Paint to draw it and then applied it to the background.

Also, gotta ask, why is the monitor upside down?
TxAger
haha, they also rotated one of the screens, so my Dad just picked up his monitor and rotated it 180. SMH
tlepoC
So it was some kid hackor?
eric76
TxAger said:

Dad was working on his Ameritrade/Thinkorswim on his desktop and suddenly a pop-up appeared and said it was "Microsoft support" and his computer had been frozen due to a virus, and to call them at MS Support. He did the right thing and called me before doing anything else, but unfortunately I was on a call. While waiting for me to call back he convinced himself that it must be legit, so he called "MS Support". Of course it's a scam and they almost got him. They asked him for the first digit of his AMEX card and he gave it to them (SMH!!!). They told him China had hacked his PC and would be going for his $$$, so they wanted him to call the bank and they would help him lock his account; they would sit in on the call. Of course they would, how generous!

Anyway, his computer is now a mess!!! Screen is out of whack, large white pop-up with his first name on it, plus, according to my sister who tried to help, a huge phallic symbol! WTF!

I am going to have to go visit him to help fix this crap... what are some of the basic things I should do/try?

I plan on rebooting in Safe Mode and see if I can restore to a previous date.
If that doesn't work, I'll try installing Malwarebytes and run that. Is that recommended?

Anything else? Any help would be greatly appreciated!

I would disconnect the computer from the Internet and not reconnect it until I had reinstalled the operating system from scratch.
eric76
TxAger said:

Finally had a chance to get out to my Dad's... so here ya go. This is what I found on his two monitors.
Too many sicko hackers out there!

Anyway, I was able to restore and run virus scanners & anti-malware; seems good to go.
I think what happened was he had McAfee and it expired, so he was running Windows with nada: no virus scanner, no firewall.
But how can you be sure that they didn't install a keystroke logger to log things like bank accounts and passwords?
DallasTeleAg
This is why I said to buy a new PC. I don't know if that was just viewed as a comedic/sarcastic response, but it is exactly what you should do.
eric76
DallasTeleAg said:

This is why I said to buy a new PC. I don't know if that was just viewed as a comedic/sarcastic response, but it is exactly what you should do.
I think you were absolutely right. I sure wouldn't ever trust the same computer to log into any kind of banking thing again. That's just asking to have your account emptied out.

I'm always on the lookout to improve my security. Right now, I'm modifying my servers to require both an elliptic curve ssh key and a password to connect to them from outside the office. I would like to make it the ssh key and a one-time password with s/key, but haven't gotten that to work yet, so for now it is just the usual password. The minimum password length on my servers is currently 24 characters, and the passwords are never used for any other account on any other server or web site. That makes it kind of hard to remember them and keep them straight.

And for the desktop, I'd love to switch to Qubes OS, but I only have 8 gigabytes of memory on this workstation and it can only take up to 32 gigabytes. I think that with Qubes OS, we probably need at least 64 gigabytes of memory. In the next day or two, maybe by 6 am Thursday, I expect to be running the latest Fedora Workstation and using Fedora Boxes whenever I need to log into banking and credit card sites. While it's not Qubes, being able to create a virtual machine just for connecting to banking and credit card sites should help quite a bit.
eric76
DallasTeleAg said:

I'm sure his PC costs less than $500... buy a new computer. Tell him to stop downloading so much pr0n.
If a new PC is too much, he can get some pretty good deals on used PCs on the Internet. I've bought a number of refurbished PCs for myself and others from Discount Electronics in Austin over the last few years and have had excellent results.
The Fife
tlepoC said:

So it was some kid hackor?
Jeff K is back and it looks like he's HAX0RING again!!!
txyaloo
eric76 said:

DallasTeleAg said:

I'm sure his PC costs less than $500... buy a new computer. Tell him to stop downloading so much pr0n.
If a new PC is too much, he can get some pretty good deals on used PCs on the Internet. I've bought a number of refurbished PCs for myself and others from Discount Electronics in Austin over the last few years and have had excellent results.
It'd be a lot cheaper to just buy a new hard drive if they're really that scared about a rootkit or something similar.

A firmware-based SSD wipe or a low-level format of a magnetic disk will wipe anything that may be hanging on. Highly unlikely they could load anything to the BIOS/EFI firmware that would be a concern necessitating a new PC.
eric76
txyaloo said:

eric76 said:

DallasTeleAg said:

I'm sure his PC costs less than $500... buy a new computer. Tell him to stop downloading so much pr0n.
If a new PC is too much, he can get some pretty good deals on used PCs on the Internet. I've bought a number of refurbished PCs for myself and others from Discount Electronics in Austin over the last few years and have had excellent results.
It'd be a lot cheaper to just buy a new hard drive if they're really that scared about a rootkit or something similar.

A firmware-based SSD wipe or a low-level format of a magnetic disk will wipe anything that may be hanging on. Highly unlikely they could load anything to the BIOS/EFI firmware that would be a concern necessitating a new PC.
Good point. I suspect that most people would be more comfortable buying a computer with the OS already installed.
Decay
Old people should use Chromebooks or iPads. A closed ecosystem is such a better idea than a PC.
Not a Bot
  • Did he change all of his passwords from a safe computer?
  • He also needs to make the financial institutions aware of the issue so that any large withdrawal can be flagged and stopped. Some places are good with this, some are not. The hackers likely have his account numbers and enough personal info to make a withdrawal or wire transfer from the accounts.
  • He needs to put a freeze on his credit with the credit agencies. It is free and easy to do online. Again, only from a safe computer.


If he's going to keep the computer I suggest at the very minimum to run a USB-based bootable rootkit scanner. This is different from a typical malware scan. It detects malware that loads before the OS. This type of malware loads into the system kernel and is often undetectable/unreachable from traditional malware scanners. Malwarebytes, BitDefender, McAfee, and others have free rootkit tools. It is imperative to do this.

The other thing you need to do is a fresh reinstall of Windows, not just a system restore. Backup key files (not programs) onto a USB and start from scratch. It's possible the attackers installed a legitimate remote access program on the computer that is able to evade detection. Res
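Added example, not part of the thread and not written by any poster: a read-only PowerShell triage script for the two things satexas and Not a Bot describe above, a proxy forced onto the machine and a legitimate remote-access program left behind for continued access. It assumes an elevated PowerShell 5.1 or later prompt on a Windows 10/11 box with the network disconnected; the registry paths and cmdlets are standard Windows ones, but the list of remote-access product names is an illustrative assumption, not something the thread states. The script only reports; it removes nothing, and a clean report is not a substitute for the fresh reinstall the post calls for.

```powershell
# Added example: post-scam triage of a Windows PC. Run elevated, network unplugged.
# Read-only: it reports what it finds, it does not remove anything.

# Remote-access tools commonly abused by "tech support" callers. The list is an
# assumption for illustration; extend it as needed. Quick Assist ships with
# Windows, so a hit on it matters only if it was running or recently used.
$RatPatterns = @('AnyDesk', 'TeamViewer', 'UltraViewer', 'SupRemo', 'ScreenConnect',
                 'ConnectWise', 'LogMeIn', 'GoToAssist', 'RustDesk', 'Splashtop',
                 'Zoho Assist', 'AweSun', 'HopToDesk', 'Quick Assist')
$RatRegex = ($RatPatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Test-Rat([string]$Text) { $Text -match $RatRegex }

Write-Host "== 1. System proxy (a forced proxy routes the victim's traffic through the scammer) =="
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty $inet | Select-Object ProxyEnable, ProxyServer, AutoConfigURL
netsh winhttp show proxy

Write-Host "`n== 2. Installed programs matching known remote-access tools =="
$uninstall = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*')
Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and (Test-Rat $_.DisplayName) } |
    Select-Object DisplayName, InstallDate, InstallLocation

Write-Host "`n== 3. Running processes and services matching those tools =="
Get-Process | Where-Object { Test-Rat ($_.Name + ' ' + $_.Path) } |
    Select-Object Id, Name, Path
Get-CimInstance Win32_Service |
    Where-Object { Test-Rat ($_.Name + ' ' + $_.DisplayName + ' ' + $_.PathName) } |
    Select-Object Name, State, StartMode, PathName

Write-Host "`n== 4. Autostart entries (Run / RunOnce keys) =="
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        # Drop the PS* provider properties so only real autostart values remain.
        (Get-ItemProperty $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

Write-Host "`n== 5. Enabled scheduled tasks that run from user-writable folders or launch a RAT =="
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    $exe = ($_.Actions | ForEach-Object { $_.Execute }) -join ' '
    if ($exe -match 'AppData|Temp|Users\\Public' -or (Test-Rat $exe)) {
        [pscustomobject]@{ Task = $_.TaskName; Path = $_.TaskPath; Execute = $exe }
    }
}

Write-Host "`n== 6. Local accounts (anything the owner did not create is a finding) =="
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet
```

Anything listed under sections 2 through 6 that the owner does not recognise is evidence the attackers kept a way back in; the rotated screen and wallpaper are cosmetic, the persistence is what matters. Because the script runs on the compromised machine, treat its output as a triage aid for deciding what to preserve before wiping, not as proof the machine is clean.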
eric76
Captain Positivity said:

It's possible the attackers installed a legitimate remote access program on the computer that is able to evade detection. Res
It's quite likely that they installed one or more remote access programs to allow them continued access. That is, I think, a very standard practice for them.