Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Someone hacked a computer


  • This topic is locked This topic is locked
33 replies to this topic

#1 PeggyLee

PeggyLee

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 14 January 2015 - 04:17 PM

My elderly mother has a Dell Optiplex with Windows XP pro. Someone called her and asked if she was having problems with a slow computer with messages popping up. They said they were from Windows. She naturally assumed it was legit and told them yes. They told her what to do while on internet to allow them to access her computer to fix it. They were controlliing it. (She is on DSL by the way from ATT.) When she hung up she told me about it and I told her it had to be a hoax because Windows won't call her. They are a product of Microsoft and would not call her. She called BBB and they verified it was a hoax. They wanted personal info like credit card info, but luckily she does not do anything online of a personal nature. She only does genealogy research on Rootsweb. They called her back wanting her credit card info and she refused but then they did something to her computer where it totally crashed and we had to buy her another motherboard. The virus was a bad one. The computer is up and running again and I told her to not connect it back to internet just yet. My nephew connected his laptop for just a minute, they called her back the next morning, so obviously they knew when she was online again. My question is, is there anything we can do to prevent them from accessing her computer again when she goes back online? The phone company will not change her account. Said they don't do that. Can we go in somehow and change a setting so they can't control her computer again? We are not too savvy on that type of stuff. Any help would really be appreciated.


Edited by hamluis, 14 January 2015 - 04:44 PM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Gmer99

Gmer99

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Europe
  • Local time:02:28 PM

Posted 14 January 2015 - 05:00 PM

Hello , I saw your topic in here ... Well A lot of fake technicians are on the web , they install you malware even if your computer is virus clean , please take drastic security actions like change computer name , install a router with NAT firewall , change all possible leaked passwords , or accounts ... write down the phone number of that fake techinician and block the call ... and report any further hacking event to FBI Cyber Crime Division ...

 One more thing is to get rid of the virus is to Formatt computer and install a fresh Windows on that computer and after that set one good router to be protected in the future ... :thumbup2:



#3 JohnC_21

JohnC_21

  • Members
  • 22,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:28 AM

Posted 14 January 2015 - 05:12 PM

You said you have Att dsl. Are you using the wireless gateway ATT provides? Change the SSID broadcast name from 2wireXXX or ATTXXX. I would also change the wireless encryption password.

 

You said your mother does nothing of a personal nature on the internet. If your mother only browses the internet and does things like email then get rid of XP and install a linux distro like Mint or Ubuntu. Provide a good password during the install. Enable the firewall and your grandmother will not be bothered with Windows malware again. If you do not want to install linux then at least get Windows 7. XP no longer gets security updates and is open to new security threats.



#4 shanepearce

shanepearce

  • Banned
  • 50 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 14 January 2015 - 05:13 PM

you may be better off wiping the hard drive and reinstalling windows

some software you can get is

spybot search and destroy

hijack this

ccleaner



#5 JohnC_21

JohnC_21

  • Members
  • 22,939 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:28 AM

Posted 14 January 2015 - 05:16 PM

That is correct, even though you think you have cleaned the OS, there may be some hidden malware that lets the people who called know the computer is back online.



#6 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:28 PM

Posted 14 January 2015 - 05:20 PM

It would also be advisable to reset her router.



#7 Gmer99

Gmer99

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Europe
  • Local time:02:28 PM

Posted 14 January 2015 - 05:26 PM

You can check your PC to see if your infected with this good stuff https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/


Edited by Gmer99, 14 January 2015 - 05:26 PM.


#8 YeahBleeping

YeahBleeping

  • Members
  • 1,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 AM

Posted 14 January 2015 - 05:29 PM

Hello Peggy-  What a great question up for numerous debate.  Let me start off by stating that My mother actually fell prey to this kind of 'phishing/Hack' Just after Christmas.  She did not provide any credit card information either and the only difference is in my mother's case she DID NOT give them access to her computer and instead asked them to call back when I could be there.

 

I told her immediatly that it was a fake call because if you could get microsoft to call you I want the callback  number for sure .. (lol)

 

Most likely these 'hacker/phishers' Will continue to badger your mom for awhile until they give up.  One thing you can say when they call is that "I have contacted my telephone provider and they will be back tracing all calls and I am supposed to keep you on the phone as long as possible"  Most likely this will end up with the 'hacker/phisher' hanging up the phone and you may not get a call back.  These people in this case simply want credit card info.  (and access to zombie your computer)  So if you do not give them what they want .. they will simply move on.

 

The aforementioned post by Gmer had some good suggestions.  I might also suggest that you name your computer Honey or Sandbox.

 

When you say you had to buy a new motherboard for your mom's computer.  I wonder if you meant a whole new computer.  Changing out a motherboard is not a easy task so I would presume that you have a new computer or you have the old computer with the same ' infected ' hard drive.

 

I would suggest for sure that you make sure you have no more malware on the computer if your using the same one.

 

Make sure your OS is up to date.  It would be great to have a NAT router/firewall between your computer and your internet provider's modem.  You can call your ISP and ask them to release and renew your IP address.  (your phone company does NOT do this which is probably why they said they don't do that).

 

There are some GREAT readables on the web out there on this sort of thing.  But lets be honest here unless your extremely wealthy and they know it- not having a credit card or debit card to provide them (hacker/phishers) your simply not a good target.

 

Thats not to say you shouldnt protect yourself.  Depending on what the hacker/phishers were able to obtain- She may very well want to watch her bank account for awhile (which she should anyway).

 

Have a look at some explainations here and here.

 

Good Luck and always be vigilant on the fight against the black.



#9 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:28 PM

Posted 14 January 2015 - 05:33 PM

If you can get daily access to the machine to assist her I recommend you follow this guide to prepare for malware removal assistance.

 

Should this not be viable for you, and/or she cannot venture to attempt this fix herself I would recommend you assist her to back up her data and restore her machine to a factory state. Please note it is highly advisable to reset her home router also.

 

Cheers

 

TsVk!



#10 PeggyLee

PeggyLee
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 14 January 2015 - 05:41 PM

Thank you so much to everyone who replied. We did a fresh install of XP. This is the only version we have at the time. She has Superantispyware installed but I will try the Spybot. She did report this to a federal agency and gave them the phone # they had used to call her. She also told the hackers she had reported it and they hung up. But then called back a couple weeks later. She does not have email or no kind of bank information on the computer. Thank goodness she is old school! We only replaced the motherboard, kept the old hard drive. I can try to wipe system clean next time I'm over there. May have to help her get another computer. Don't know yet. Would someone please spell out how to #1 change the SSID broadcast name, #2 how to change wireless encryption password and #3 how to re-set router? Sorry we sound dumb on this, but we don't have this type connection ourselves and have no experience with it. Thanks.



#11 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:28 PM

Posted 14 January 2015 - 05:50 PM

To reset the router there is a pinhole on the device that you need to stick something in and hold down for 10-30 seconds (depending on model), Google the router model to get exact instructions.

 

Then you can connect to the router by typing in "192.168.0.1" in the internet browser address bar. Often the default password will be written on the router, but if not it is often "password". Should these not work you can get the password easily from Google. Just search "your router model default password".

 

This will allow you to log into the router. You can then change your local password (make it strong and write it down), and also your wireless password. Make sure also your wireless is broadcasting on WPA2.

 

Make sure you save all of the details after you have changed them.

 

That will secure your network

 

:thumbup2:



#12 YeahBleeping

YeahBleeping

  • Members
  • 1,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 AM

Posted 14 January 2015 - 05:51 PM

Thank you so much to everyone who replied. We did a fresh install of XP. {SNIP} Would someone please spell out how to #1 change the SSID broadcast name, #2 how to change wireless encryption password and #3 how to re-set router? Sorry we sound dumb on this, but we don't have this type connection ourselves and have no experience with it. Thanks.

 

1. How to change the SSID - Unless she has a wireless network she does not need to do this.  If she does to help you further we would need to know the make/model of the wireless router.

 

2.  This would be done from within the router's interface.  And to assist we'd need the make and model of the router.  You may not be able to if this is a piece of hardware provided by your ISP.- But again it may be possible depending on what tools your Internet provider..provides..

 

3.  Resetting the router may not be your best choice here unless your familiar with how your system is already setup with your ISP.  I would call your ISP for assitance with this unless your wireless router is aftermarket ie. you bought it yourself.

 

~Yeah



#13 PeggyLee

PeggyLee
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 14 January 2015 - 06:31 PM

Thanks for the advice. The router is from ATT. I am only up there once a week since it is a 45 minute drive. She is 86 and knows nothing of how to do any of this. My husband and I will have to do it. My husband was wondering if she could just use this computer as is, plugged into the router, not use it at all, and get another computer and insert a wireless USB adapter and just use the wifi signal for the 2nd computer.



#14 YeahBleeping

YeahBleeping

  • Members
  • 1,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:28 AM

Posted 14 January 2015 - 06:53 PM

Your kinda confusing me now here.  So you want to leave a computer that is possibly infected with malware connected to the ATT router.  And get a second computer and connect it wirelessly to the internet through.... what.. the ATT router?

 

Why do that?  Why have two computers connected if your only going to use one.  Plus .. you definately want to make sure theres no more malware on that ' possibly infected ' computer.

 

Does the ATT router have a wireless connection?  If not than getting a USB wireless NIC is not going to help you connect to it.  You may want to start a new post in the Networking section if you want more help with that since this section is for ' am I infected ' questions.



#15 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,230 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:10:28 PM

Posted 14 January 2015 - 06:56 PM

ATT will be able to provide you exact instructions on how to reset their router, and will also change your IP address for further security if you request it.

 

There is no need to bring in a 2nd machine in this instance.

 

edit: as she has no financial information on it there is no real concern about using the machine "as is" for the time being.


Edited by TsVk!, 14 January 2015 - 06:58 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users