I have an elderly client who has had someone hijack her PC twice now. They will call her saying they are from MS and then begin messing around on her PC. I asked her if they call first and then walk her through a process to get them connected. She said she did not do that either time.
After the first incident roughly 2 months ago, I had her bring me the laptop and I scanned and cleaned it with everything available (Hitman, Malwarebytes, AVG on boot, ComboFix, AdwCleaner, etc.). The machine worked great and showed no signs of lingering infections. Well, she called me a couple of days ago saying she got hijacked again! I asked what happened and apparently they said they were from MS again and they were right back on her PC without any assistance from her. I'm not quite sure how they are getting on without her assistance, even after I cleaned everything up. How the scams usually work is that they call saying they are from MS and the machine is infected, and they need the customer to help connect them.
Does anyone know if it's possible that they could have changed something in the router or modem to allow them access to machines on their network? I have not had a chance to go to the woman's house, but after having cleaned that machine and finding no traces anywhere of anything they could use to remote into her machine, I'm kind of lost. I was going to do a file backup and factory restore, but I'm afraid it will keep happening. I kind of feel like I'm not getting the whole story from her...
*The only other thing I can think of is that possibly she is typing in a wrong address to a website and it runs a script that connects the scammer. She has said she broke her wrist a long time ago and has trouble carrying things... maybe it affects her typing too? It's just strange that they can connect without her help and then call her as soon as they get on...