this post was submitted on 04 Dec 2023
6 points (80.0% liked)

Cybersecurity

5689 readers
165 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
 

Hi, I’m not a coder etc but I’m not a complete noob with computers.

My FIL has apparently been scammed / hacked by some shithead (according to wife) who has apparently managed to get control whenever he turns his laptop on. I don’t know much more than that right now. The situation is pretty shitty because the poor old man lost EVERYTHING in recent flooding; all possessions, personal documents etc. He was given this laptop to help him get his life back together, personal admin etc.

He’s actually an OG coder and mathematician but is old enough to be vulnerable to the crap that these scum pull on the unsuspecting.

I’m wondering if there’s a way (rubberduck?) to quickly delete teamware etc as soon as the pc boots. Not sure how much admin control he has anymore.

Is there a safe mode (?) way of getting back control / kicking external admins?

Many thanks for any advice.

top 10 comments
[–] skizzles@lemmy.world 10 points 11 months ago (2 children)

Try using a USB boot stick to boot into Linux and just save whatever you need from the machine, and then reformat it. That way the machine won't automatically connect to Wi-Fi and potentially cause more issues.

That's the quickest, simplest way without needing to try to diagnose and dig into the system to see what is affected and trying to fix it.

Also what is the computer doing when it boots up? There's not really enough information being given to be able to provide any other advice.

[–] Lophostemon@aussie.zone 3 points 11 months ago (1 children)

Thanks, we might give that a go. I don’t really know what else is happening, TBH. I only heard about this briefly last night. Apparently my FIL is now being “stalked” and he’s had to change phone number etc.

[–] skizzles@lemmy.world 3 points 11 months ago

Hopping on a live USB to recover files is your safest option.

It will also give you an opportunity to scan files (with something like ClamAV) while running from a system other than Windows, so you're less likely to encounter any further infections. Not that Linux can't be infected; it's just much less likely, and you'd be running from a flash drive and off network anyway, so it's about as safe as you can get.

You would need to connect the live USB to the Internet to install ClamAV on the USB stick or something similar, but that can be done while using a separate machine before actually plugging into the affected machine.

I can't really offer any advice on using any software for scanning as I keep personal things on separate drives segregated from the network so if something ever did happen I'd just wipe and start over.

May be a good idea to take though. Get him a USB drive that he can store files on and disconnect when he doesn't need it.

Just some thoughts from someone that works in desktop support and has been tinkering for a little over 20 years.

Good luck!

[–] phx@lemmy.ca 3 points 11 months ago

Yeah, even if you're extremely knowledgeable with computers, I do not recommend trusting the OS (or sometimes the whole device) after it's been compromised. Back stuff up, wipe, reinstall.

That or have a fresh drive installed and then a clean OS, then pop the old one in a USB enclosure and grab just what you need from it. Beware that a really nasty hacker could have infected remaining files with Trojans/malware, so definitely re-download any installers rather than using the stuff from the old drive.

[–] walter_wiggles@lemmy.nz 5 points 11 months ago (2 children)

Turn the wifi off, or take it somewhere where there's no wifi, and start it up.

[–] RubberElectrons@lemmy.world 6 points 11 months ago (1 children)

This works, even if you disconnect your home router temporarily.

I'd strongly recommend using an external boot disk to save your important documents. Beware of any zips or executables within those directories you're backing up; they also may have been modified. You can also just pull the hard drive out and stick it into a USB HDD adapter and plug it in like it's a regular flash drive. Again, be careful or you may infect your personal system as well.
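The recovery step that skizzles and RubberElectrons both describe (boot a live Linux USB offline, copy the documents off the old drive, leave executables and archives behind, scan the copy with ClamAV before trusting it) can be done with a small script. The one below is an added example and is not code from either commenter; it assumes the old drive has already been mounted read-only from the live USB (for instance with `mount -o ro`), that the destination is a separate clean USB stick outside the source tree, and the list of "risky" extensions is my own choice, not from the thread. `clamscan` is only invoked if the live system actually has it installed.

```shell
#!/bin/sh
# Hypothetical helper for the live-USB recovery discussed in the thread.
# Copies documents from a read-only mount of the compromised drive (SRC)
# to a clean USB stick (DST), skipping file types that can carry code,
# and records what was copied and what was skipped for later review.
# SRC/DST paths and the extension list are assumptions, not from the thread.

# File types we refuse to carry over: executables, scripts, installers,
# shortcuts and archives (an archive can hide any of the former).
is_risky() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *.exe|*.dll|*.scr|*.com|*.msi|*.bat|*.cmd|*.ps1|*.vbs|*.js|*.jse|\
        *.wsf|*.hta|*.lnk|*.iso|*.zip|*.7z|*.rar|*.jar)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# recover_docs SRC DST
# Walks SRC, copies every non-risky regular file into DST with the same
# relative path, and appends each decision to DST/COPIED.txt or DST/SKIPPED.txt.
# DST must not live inside SRC, or the copy would feed itself.
recover_docs() {
    src="$1"; dst="$2"
    mkdir -p "$dst"
    : > "$dst/COPIED.txt"
    : > "$dst/SKIPPED.txt"
    find "$src" -type f | while IFS= read -r f; do
        rel="${f#"$src"/}"
        if is_risky "$rel"; then
            printf '%s\n' "$rel" >> "$dst/SKIPPED.txt"
            continue
        fi
        mkdir -p "$dst/$(dirname "$rel")"
        cp "$f" "$dst/$rel"
        printf '%s\n' "$rel" >> "$dst/COPIED.txt"
    done
    # Scan the copy with ClamAV when the live system has it (assumed optional).
    # -r recurses, -i prints only infected files; a non-zero exit means findings.
    if command -v clamscan >/dev/null 2>&1; then
        clamscan -r -i "$dst" || echo "clamscan reported findings in $dst; review SKIPPED.txt and the flagged files before use" >&2
    fi
}

# Counts for a quick sanity check after the run.
count_copied()  { wc -l < "$1/COPIED.txt"  | tr -d ' '; }
count_skipped() { wc -l < "$1/SKIPPED.txt" | tr -d ' '; }

# Usage: sh recover.sh /mnt/oldlaptop /media/cleanusb/recovered
if [ "$#" -ge 2 ]; then
    recover_docs "$1" "$2"
    echo "copied $(count_copied "$2") files, skipped $(count_skipped "$2")"
fi
```

The point of the skip list is the warning in the comments above: a document that was on the drive when the attacker had control is data, but an installer or a zip from that drive is something you would be executing again later, so those are left behind and listed in `SKIPPED.txt` for a deliberate decision rather than copied by default. Running `clamscan` on the destination rather than on the whole old drive keeps the scan short and scans exactly what will be carried onto the new machine.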

[–] Lophostemon@aussie.zone 3 points 11 months ago (1 children)
[–] RubberElectrons@lemmy.world 3 points 11 months ago

Sure, good luck and keep us posted.

[–] Lophostemon@aussie.zone 2 points 11 months ago

This occurred to me as I typed the original query. I wonder how much control the guy has and whether we can even get into the files.

[–] Lophostemon@aussie.zone 1 points 11 months ago