This is regarding my parents’ computer. They are running Windows 7. I manage their PC from out of state using TeamViewer. I have an administrator account set up and they each have a user account.
Apparently my dad was having problems with his Roku. He went online to get their support number and called, only it wasn’t Roku. I’ll spare the details but it ended up with my mom giving control of their PC computer to some guy who told them they had a back door security breach and he could fix it for $149. (He convinced them the problem originated with their PC.)
He also wanted their administrator password. He was obviously trying to install something. Fortunately I had set them up with standard user accounts. They called me about this time. Not knowing what all was occurring, I told my dad to unplug/replug the Roku, which fixed it, so they got off the phone with the guy. I found all this out later.
I am hoping this guy did not get into the administrator settings. I guess my dad was shouting the password to my mom, but she never typed it in; however, I don’t know if the guy might have heard it and typed it himself. Probably not, because it is a weird password that might be tough to spell.
Once I got the story this evening, I immediately changed the admin password and I am running a deep scan with ESET.
I can’t rebuild their system from out of state. I’ll have to wait for summer when I visit for that. I told them to go to their bank and put a security alert on their accounts. Also, not to do any banking on that machine.
Does anyone have any further advice? What types of activity are typical from this kind of hijack? If it is ransomware, I can deal with that until the summer. I am mostly worried about spybots and keyloggers.