I am helping an elderly family friend diagnose his computer problems. He has fallen victim to a fake technical support scam by a company called "Adroit Rescue", and has paid their "fee" for what they claim is a year's worth of technical support. I have his computer, and it is disconnected from the internet.
In looking through the machine, I see that the scam happened on August 7, 2016. A text document was placed on the desktop, with the title "COMPUTER TECHNICIANS". Inside, it lists the technician's supposed name and employee ID, the company name and phone number, and a customer ID number.
On the day the scam happened, he said he received a popup on the screen which froze his computer, then received a phone call from Adroit. He had no idea how they acquired his phone number. He also cannot remember how the popup occurred - either by clicking an email link, Facebook link, Microsoft Edge browser ad, etc. He said they spent an hour on the phone with him. They did their fake security presentation on the computer screen, and "unlocked" his machine after taking his credit card information over the phone.
How do I go about determining exactly what they have done to his machine?
By searching the hard drive, I see the following happened on August 7th:
- A folder for ADWCleaner was created. Its logfile shows removal of the following:
- I am seeing error messages that state that Windows Security Center is not turned on. I checked the Security settings, and Windows Defender appears to be running, but is out-of-date.
As I said, this machine is running, but is disconnected from the Internet. Is it safe to plug into my Xfinity/Comcast modem with two other PCs attached? I'd appreciate any advice on how to proceed.