How to secure laptop after hacking?

eyedee

Standard Member
As is probably the case for many of us, I'm my parents' I.T. manager. I'm no coding/hacker expert but I know more than them about computers and that seems to have made me their tech guru. But the latest issue's left me unsure of the best course of action. My Mum rather foolishly gave someone brief remote access to my parents' laptop. Before anyone decides to be too hard on her (!) she knows it was stupid, she can't believe she fell for a scam and she's pretty choked up about it right now. But she's been under immense pressure since my Dad had a stroke just before Christmas and everything's just got too much for her which led to her having a silly moment, like we all can have at various stages of life.

Anyway, an Indian scumbag rang her house saying he was from BT and that he was calling because the internet was running slowly and that they needed to check the computer to fix it. As I'm sure you've gathered it wasn't BT. But it just so happens the internet IS running slowly where they are (out in the sticks) and an engineer really has been working on the telegraph pole that serves their community during the past few days. Again, this is pretty silly but, she initially agreed to follow the so-called BT technician's instructions and at his request typed some code (which she can't recall) into the command prompt (CMD). She tells me that this allowed him access and he then installed a piece of software called TeamViewer - that I see is a Remote Access software solution. She gave the caller my Dad's name and told him which bank they used to pay BT. She refused to give the scammer anything else.

At that point she asked the caller exactly what he was doing and he was reticent to answer. He then put her onto his so-called supervisor who asked my Mum for her bank account details so that they could provide a refund. Fortunately for her he sounded really dodgy which further roused her suspicions (again, she's had a really hard time lately and she wouldn't normally fall victim to this kind of scam) and she said she wasn't handing over any bank details because if they were BT they'd already have her bank details on file. She then said she was hanging up at which point the scammer said: "If you do your computer will never work again". She hung up.

She rang BT who confirmed it hadn't been them that called her and that she should delete the TeamViewer software from the computer. At the advice of BT she also deleted some other programs (from the Apps list of Windows 10 I guess) which had an icon of a blue crab. One was called 'Card Reader' (so I'm told) and BT thought it sounded dodgy. I think that the blue crab icon programs could possibly have been authentic Realtek audio drivers - and so were safe - and necessary to the correct running of the laptop?

As a graphic designer since the days that Apple machines were the only logical solution (it wasn't that long ago!) I'm primarily a Mac user although I also own and occasionally use a Windows 10 laptop. I have a limited understanding of networks and remote access solutions, but I've never really needed to learn more than what I needed to know to set up my home network etc.

I advised my Mum to turn off her WiFi router and wait for me to come take a look before she does anything else. Thing is, it's a 200 mile round trip for me to visit my parents and I definitely don't want it to be a wasted trip. I'm not entirely sure how far I will need to go with their laptop to ensure it's secure and that there is no way the scammer can access their machine again.

Is there a way I can check to make 100% sure it's safe and that no changes my Mum or the scammer scum made in the Command Prompt will continue to allow the scammer remote access? Or do I have to securely format and reinstall the whole laptop (which is only 4 months old) from scratch in order to make sure it's safe?

Thanks for reading. Advice from those in the know would be greatly appreciated. :)
 

adam-burnley

Distinguished Member
There is not a great deal you can do remotely, without controlling the laptop using something like TeamViewer (ironic I know) or LogMeIn etc. You can run a vulnerability scan on the public IP address of your parents' internet connection, which is possibly a dynamic IP address but usually stays the same for long enough to run scans. Have a look at Qualys, a pretty good scanner and they offer a free trial.

An external vulnerability scan will only detect open ports on the equipment at your parents' house, i.e. the router / firewall and laptop. It's unlikely you will find anything untoward, but always worth checking.

It is possible that the scammer installed some malware that would make an outbound connection and send data to their servers. This wouldn't get picked up by the vulnerability scanner, but might be picked up by a malware scanner or decent AV product. There are plenty available for free from most of the leading security software companies. Have a look at Sophos and Trend, they have some good 'free' products.

In addition, you could install a packet sniffer like Wireshark. You could set up a filter to flag data packets being sent out to the Internet, but you would then have to filter down further to exclude legitimate traffic of course.

>> Is there a way I can check to make 100% sure it's safe <<

Well, the only way to be 100% sure without having a security expert on hand would be to format and reinstall Windows. If you and your parents want that peace of mind, then I'd go with that. It would probably take less time than looking for a needle in a haystack that might not even exist.

Good luck!
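
The reply above suggests flagging traffic leaving for the Internet and then filtering out the legitimate part. The following is an added example, not code from either poster: it applies that idea to saved `netstat -ano` and `tasklist /fo csv /nh` output instead of a Wireshark capture. The sample output, the `EXPECTED` allowlist and the function name are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed `netstat -ano` output; 203.0.113.x, 198.51.100.x and 2001:db8::
# are documentation ranges, not real hosts.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    192.168.1.20:49712     192.168.1.1:80         ESTABLISHED     5120
  TCP    192.168.1.20:49733     203.0.113.45:5938      ESTABLISHED     7344
  TCP    192.168.1.20:49740     198.51.100.7:443       ESTABLISHED     5120
  TCP    192.168.1.20:49755     198.51.100.99:8080     ESTABLISHED     9012
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     3008
  TCP    [2001:db8::20]:49760   [2001:db8::5]:443      ESTABLISHED     5120
  UDP    0.0.0.0:5353           *:*                                    1820
"""
# Constructed `tasklist /fo csv /nh` output (PID 9012 is deliberately missing).
TASKLIST = '''"chrome.exe","5120","Console","1","210,432 K"
"TeamViewer.exe","7344","Console","1","45,120 K"
"svchost.exe","964","Services","0","9,876 K"
'''
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]
EXPECTED = {"chrome.exe", "svchost.exe"}  # assumption: known-good programs

def outbound_to_review(netstat_text, tasklist_csv, expected=EXPECTED):
    """Return (process, remote_ip, port, pid) for connections worth a look."""
    names = {r[1]: r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) > 1}
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # headers, UDP rows, listening sockets
        host, _, port = f[2].rpartition(":")
        ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if any(ip in net for net in LOCAL_NETS):
            continue  # loopback / LAN traffic never leaves the house
        proc = names.get(f[4], "unknown")
        if proc.lower() not in expected:
            findings.append((proc, str(ip), int(port), f[4]))
    return findings

if __name__ == "__main__":
    for proc, ip, port, pid in outbound_to_review(NETSTAT, TASKLIST):
        print(f"review: {proc} (PID {pid}) -> {ip}:{port}")
```

A connection whose PID has no matching process in the task list is reported as `unknown` rather than dropped, since that is exactly the kind of entry that deserves a closer look.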
 

eyedee

Standard Member
Cheers Adam. Thanks for such an informative and helpful reply. I've had a chat to the folks and I think we would all be happier if I perform a format and re-install. My Dad's certain technology is all a conspiracy and personally out to get him so even knowing the laptop has had a clean format would make him happier - which would make my Mum and me happier as there'll be less moaning! lol.

Thanks again.

Nate
 
