Just had a call from the mother in law asking to me to speak to someone that was on the phone to her. We all hang up and then the guy rings me.

He introduced himself and it turns out it’s the Microsoft scam. I told him not to contact my MIL again and hung up.

On ringing back the MIL it turns out they’ve been on the phone for an hour 🙁 and they’ve been doing things but she’s not sure what. She only thought to ring me when he asked for payment and her credit card details.

So, I’m guessing he’s installed some malicious software on her old XP laptop (which is slow and does throw the odd error which I why I think she believed him).

What should I be running? The usual …

Malwarebytes
Spybot Search & Destroy
Windows Security Essentials

Anything else?

Thankfully she doesn’t use much other than email and facebook (both passwords already changed by me here at work) but does use internet banking. I’m assume we’re covered here due to the extra security required to log into those sites or should she be asking for new sign in details?

Oh, and will they have just installed stuff on her laptop or can they install stuff on the router?

Did they get her to go to a website and install software from there?
Did they then have access to her PC and do stuff on it?

What stuff did she tell them? No passwords I hope.

The only really likely area of risk is the PC itself, not the router but obviously as you’ve identified, they may have install some malware and may have harvested passwords and the like from the computer..

may have harvested passwords and the like from the computer..

this, get her to change any passwords on online shopping/banking/email accounts she may have where they hold card or bank details.

Router will be fine. If there was any vulnerability there, then they’d hack it remotely without needing any internal access whatsoever.

No harm in changing the admin password on that too.

I thought the big danger from this scam was the installation of key-logging software?

They are back on a roll at the monent. I had them 30m ago!

I worry about my mother and in-laws as they are moderately plausible at first. Hope your MIL is ok.

superanti-spyware too

Did they get her to go to a website and install software from there – I think so

Did they then have access to her PC and do stuff on it? – I would of thought so as the call was an hour before she finally smelt the rat

What stuff did she tell them? Don’t think she gave any passwords.

She’s phoning the banks now. I’ve changed the passwords on the sites she remembers using.

Will run all the scans when I get hold of the laptop and change router password when I’m next there.

Hope your MIL is ok.

She’s just kicking herself and hates causing (more) jobs for me to resolve.

Sounds like it’s safe for her so use the desktop in the office then?

My Mum is well briefed about these merchants 🙂

My Mum is well briefed about these merchants

Believe me, I’ve tried briefing her as well. I knew she’s a prime target. Only so many times I can brief someone though before I feel I’m becoming condescending and treating them like a child.

Just to be on the safe side I’d backup all documents that she needs, format the hard drive and re-install Windows + apps. May take a while, but should ensure that there is nothing left on the PC to mess things up.

Should speed up the PC a tad too.

Just to be on the safe side I’d backup all documents that she needs

There isn’t any…just photos. She doesn’t use it for work or anything…just browsing and a bit of shopping/banking.

I’ve had them a couple of times of late. 1st time I just kept pretending to do stuff that took a long time to see how long they’d wait on the end of a phone? Figured the longer I kept them the less they’d hassle someone else? Second time I didn’t have the patience and told them I’d rumbled them. I got a torrent of foul language in an Indian accent!

Keep meaning to put a whistle by the phone in case they call again….

I worry about my mother and in-laws as they are moderately plausible at first.

Blimey, how many wives do you have?

put a whistle by the phone in case they call again

Genius…

I usually remove the hard drive, put it in an external enclosure and do a full scan from another (safe) computer with up-to-date anti-virus.

Also run msconfig to check whats running on startup (i guess the malware/spybot stuff will do that) and make sure all broswers have any “add ons” removed.

I’d go down the format/reinstall route if she doesn’t use it for much, but then I don’t trust Windows at all (rightly or wrongly). Not sure I’d trust malware removal tools either. If they’ve started up again perhaps they’ve written something that isn’t yet detected. <reaches for tin foil hat>

That whistle idea is genious.

They usually ring during the day when I’m ‘working’ and if I’m not too busy I’ll happily keep them on the line for a while as I play dumb (oh computer say says mfconfig isn’t a recognised command, so he spells it out yet again). One spent ages trying to fix my issue connecting to the internet site he was directing me to before I said I didn’t have internet connection at home. He said I should go to Starbucks for free wifi and call him back, even left me his number. They do get seriously annoyed when the find out you’ve been wasting their time, but better that than them spending the time scamming the unsuspecting.

I would suggest copying the images off and nuking the install from orbit.

You will be around letting it restart/update for about 3 hours though I bet 😉

I once let them loose on a VM to see what they did; as well as trying to install things they ransacked the filing system, so assume that they’ve now got copies of anything they wanted on the machine. That includes stored passwords, emails and possibly even the photos. Have a think about what damage that could cause although you need to try not to scare your MIL from using the computer. These people frightened my mother so much with their tales of viruses and spyware that she now won’t use her laptop, despite my assurances.

What I do with my sister/niece is get them on Windows 8 (yeah, I know, I hate it with a vengeance), but set them up with non-admin accounts and no access to admin account – they have to call me to install anything.

You can set up non admin accounts on W7 too, what’s different on 8?

Nothing really. I begged them to have W7 not W8.

But they thought it would be ‘fun’. Now they’re complaining every time I see them about the horrendousness…

Happened to my FiL…he stopped at the same stage, ie when they asked for money.

According to some blogs I’ve looked at in the past…

They show you ‘errors’ on your computer but are just normal events logged by Event Viewer…they tell you that these are the viruses that they (as Windows or Microsoft Support) have been notified of.

Then they get you to install free software that allows them to take control of your computer so that they can investigate the virus. This software is harmless and usually freely available shareware.

You the have to share the connection details from this software and they will have access.

They’ll then tell you you have a virus and you have to pay them to remove it.

At this point they may also install malicious software such as key loggers, etc. possibly after you’ve refused to pay them.

I told my FiL to not use it till we came round for dinner the next evening, and I did a format and reinstall.

I once had a cal when I was working from home, he told me he was ‘Windows Support’ and I put on my best IT illiterate voice and said “oh no, really”…and he hung up. I lasted less than a minute…which was disappointing. I was looking forward to telling him I had a mac later in the process.

Oh, and my FiL now doesn’t have admin rights.

That’s also to protect against his friendly neighbour who kept on ‘fixing’ his laptop…such as installing Norton and other things that I had to remove every few weeks.

Time to get her a Chromebook?

EDIT: Or a fresh install of Linux. Should cope with browsing the web and looking at pictures, very unlikely to be hacked.