My grandma fell for a phone scam. She allowed the person to gain access to her laptop and now locked

Discussion in 'Windows OS and Software' started by mnd99, Dec 9, 2019.

  1. mnd99

    mnd99 Notebook Consultant

    Reputations:
    26
    Messages:
    163
    Likes Received:
    16
    Trophy Points:
    31
    So she is pretty embarrassed about this. A guy calls and tells her he is trying to help her cancel her subscription and give her a refund. He convinces her to go to teamviewer and install the app and give him access to her laptop all the while expertly avoiding her questions. Social engineering 101 really. It was at the point when he asked who do you bank with and went to the bank website that she kinda caught on something wasn't right. She hangs upon him. He calls her back and pretty much was nasty with her told her he will lock her out if she doesn't give him bank info. She hangs up thinking it's all done all the while teamviewer is still running. Fast forward later, her windows password doesn't work and she can't get in. We know we are screwed. The question she has lots of family pics and some docs. Anyway to retrieve those files? If we get the hdd out or something like that? Help?

    It's an inspiron 3521 running windows 10.
     
  2. KING19

    KING19 Notebook Deity

    Reputations:
    148
    Messages:
    774
    Likes Received:
    313
    Trophy Points:
    76
    I hate phone scammers/robo calls, they always try to scam old people because they're easier to scam and my parents get calls from them a lot. Your grandmom should never answer calls from people she dont know. Luckily she caught on before the scammer drained her bank account.

    You can bypass the login if you have a Windows USB/Disc
    https://www.top-password.com/guide/bypass-windows-password.html

    Otherwise you would have to take it to a computer store and pay a fee and they'll remove the password.
     
    hmscott likes this.
  3. Jdpurvis

    Jdpurvis Notebook Evangelist

    Reputations:
    73
    Messages:
    385
    Likes Received:
    92
    Trophy Points:
    41
    Unless it's been upgraded, this machine has a 500 GB HDD, with an SATA interface. If you were so inclined, you could remove the HDD and place it in an SATA to USB adapter and copy her files off to another disk. It might not be a bad idea to do this first in order to protect her files. I agree the process described above would be appropriate if the scammer only changed her password and didn't undertake any additional mischief.

    Good luck - let us know what happens.

    Best,
    Joe
     
    Aivxtla and hmscott like this.
  4. ssj92

    ssj92 Neutron Star

    Reputations:
    1,999
    Messages:
    3,970
    Likes Received:
    4,893
    Trophy Points:
    331
    I have some laptops with eSATA ports and this is what I would do...

    Remove the HDD and connect it to a different computer that has eSATA, extra SATA port, etc.

    Now....idk what else he could have done, so I would boot off of a linux usb and then access the drive in case there's malware or something else. You SHOULD be able to access all pics etc in this method.
     
    Aivxtla and hmscott like this.
  5. hertzian56

    hertzian56 Notebook Consultant

    Reputations:
    11
    Messages:
    142
    Likes Received:
    51
    Trophy Points:
    41
    Yeah you can get a sata to usb cord on eb for like 6 bucks just take out the drive and connect it to another computer to get the files off.
    Maybe she just needs help backing up pics etc on an external drive now and then. It's pretty sad how older people get targeted and scammed so much bc they're not really experts at computers/phone scams. I just went through helping my gparents in their 80's upgrading their computer and getting an external hdd for backup of pics etc But I don't think they remember to do it much, it's not on their mind, at least I got as much off as was there when I was helping out. Their win10 OS was infected w a lot of crap before and they lost everything on the desktop which is where they had most of their stuff. Put on zonealarm free so hopefully that helps lol
     
    Last edited: Dec 12, 2019
    KING19 likes this.
  6. StormJumper

    StormJumper Notebook Virtuoso

    Reputations:
    542
    Messages:
    3,305
    Likes Received:
    422
    Trophy Points:
    151
    This here goes beyond this forum to help and you need to take it to a computer shop to fix or remove this malware. We here will not help as that is going to cause more problems then it helps. This is far beyond just simple help and requires Professional computer shops to fix this. So call them up and take it there to fix it.
     
  7. Jdpurvis

    Jdpurvis Notebook Evangelist

    Reputations:
    73
    Messages:
    385
    Likes Received:
    92
    Trophy Points:
    41
    Maybe I missed something, but it was not clear to me that (other than a change of password) that malware had been installed - although that is certainly a real possibility. Unfortunately, these days, there is a shortage of competent (Professional or professional) computer shops out there. My guess is that the scammer didn't waste much effort, once he found out he was not going to get bank information - and that he simply changed the password and let it. In any case, the risk of a check to see if the disk can be removed and accessed from another computer is fairly low, if done carefully. If this is possible, then the disk could be checked thoroughly for malware, and her files could be copied. Brute force techniques that could involve running executables on her drive ( a default for some less experienced shops) could result in a dead drive. Of course, evaluation by someone experienced in this sort of problem would certainly be appropriate. Some or our members have many years of experience :)
     
  8. Aivxtla

    Aivxtla Notebook Evangelist

    Reputations:
    383
    Messages:
    442
    Likes Received:
    590
    Trophy Points:
    106
    I would as others above mentioned, connect the hard disk to another computer with Linux (any distro ie Mint, Ubuntu etc) installed and get the pics and any important documents off the drive. Then do a fresh install of Windows to be safe, that's your best bet. Even if an antivirus detected nothing I'd still lean on the side of caution, as there's still the rare chance something could be missed.

    FYI you can run Linux from a USB drive without installing with many distros like Ubuntu, Mint etc.

    There's also a chance, though not always that a "repair shop" may overcharge or take advantage if they think you are a novice, I remember Best Buy's Geek Squad once had an F rating for being deceitful/incompitent, though that was many years ago. One example if I recall was a local TV station taking in a desktop with a purposely disconnected SATA cable and the big name store told them they needed a new HDD or something, and then they went to a small mom and pop shop that told them it was just a disconnected cable and didn't charge. If you really want to go to a store just do some reviewing first.

    Also I highly doubt they'd (computer shops) do anything different than what was already mentioned in this thread so far.
     
    Last edited: Dec 19, 2019
  9. StormJumper

    StormJumper Notebook Virtuoso

    Reputations:
    542
    Messages:
    3,305
    Likes Received:
    422
    Trophy Points:
    151
    @Aivxtla I am talking about reputable shops not BestBuy. I would cut my left nut out before going to GeekScam. There are small shop that can verify what they can do before they charge one has to do their homework first.
     

Share This Page