this post was submitted on 04 Dec 2023
6 points (80.0% liked)

Cybersecurity

5677 readers
44 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

Hi, I’m not a coder etc but I’m not a complete noob with computers.

My FIL has apparently been scammed / hacked by some shithead (according to wife) who has apparently managed to get control whenever he turns his laptop on. I don’t know much more than that right now. The situation is pretty shityy because the poor old man lost EVERYTHING in recent flooding; all possessions, personal documents etc. He was given this laptop to help him get his life back together, personal admin etc.

He’s actually an OG coder and mathematician but is old enough to be vulnerable to the crap that these scum pull on the unsuspecting.

I’m wondering if there’s a way (rubberduck?) to quickly delete teamware etc as soon as the pc boots. Not sure how much admin control he has anymore.

Is there a safe mode (?) way of getting back control / kicking external admins?

Many thanks for any advice.

you are viewing a single comment's thread
view the rest of the comments
[–] skizzles@lemmy.world 9 points 11 months ago (2 children)

Try using a USB boot stick to boot into Linux and just save whatever you need from the machine and then reformat it. Since this way the machine won't automatically connect to Wi-Fi and potentially cause more issues.

That's the quickest, simplest way without needing to try to diagnose and dig into the system to see what is affected and trying to fix it.

Also what is the computer doing when it boots up? There's not really enough information being given to be able to provide any other advice.

[–] Lophostemon@aussie.zone 3 points 11 months ago (1 children)

Thanks, we might give that a go. I don’t really know what else is happening, TBH. I only heard about this briefly last night. Apparently my FIL is now being “stalked” and he’s had to change phone number etc.

[–] skizzles@lemmy.world 3 points 11 months ago

Hopping on a live USB to recover files is your safest option.

It will also give you an opportunity to scan files (with something like clam av) while running from a system other than Windows, so you're less likely to encounter any further infections. Not that Linux can't be infected, it's just much less likely and you'd be running from a flash drive and off network anyway so it's about as safe as you can get.

You would need to connect the live USB to the Internet to install clam av on the USB stick or something similar, but that can be done while using a separate machine before actually plugging into the affected machine.

I can't really offer any advice on using any software for scanning as I keep personal things on separate drives segregated from the network so if something ever did happen I'd just wipe and start over.

May be a good idea to take though. Get him a USB drive that he can store files on and disconnect when he doesn't need it.

Just some thoughts from someone that works in desktop support and has been tinkering for a little over 20 years.

Good luck!

[–] phx@lemmy.ca 3 points 11 months ago

Yeah, even if you're extremely knowledgeable with computers I do not recommend trusting the OS (or sometimes the whole device) after it's been compromised. Back stuff up, wipe, reinstall.

That or have a fresh drive installed and then a clean OS, then pop the old one on a USB enclosure and grab just what you need from it. Beware that a really nasty hacker could have invented remaining files with Trojans/malware so definitely re-download any installers rather than using the stuff from the old drive.