Friend allowed scammers on laptop - help!

  bob dob 15:23 31 May 2017

Hi all. A good friend told me yesterday that he's been trying to get BT out to fix his router. Unfortunately he was phoned on the weekend by some scammers who claimed they were from BT and he allowed them remote access to his laptop and they downloaded some software. At the point that they asked him to log on to his internet banking he hung up and uninstalled the software.

I urged him to update and run Malwarebytes and SuperAntiSpyware as well as his Avast antivirus.

He's told me that he ran the Malwarebytes scan and it didn't find anything but it then asked him to update it. He did, then it asked him to reboot. He did and upon restart it asked him for the admin password, he put it in but now can't get it to safe mode or to progress into Windows at all.

Any ideas, please?

  Belatucadrus 15:31 31 May 2017

Have a look at these.

Click Here

  Jollyjohn 16:13 31 May 2017

If he can't boot to Windows then I suspect the scammers have put their own password on the PC. Go here (click here), download and burn to a CD. Boot from CD and accept the defaults in most cases. Make notes in case you need to run again. The option you are looking for is to "Clear the admin password" under your friend's username.

Will check back in the morning to see how you are getting on.

  bob dob 10:38 03 Jun 2017

Sorry for the delay, couldn't get to this until now. I will get on this today, thank you for the excellent help so far....

  bob dob 11:08 03 Jun 2017

Quick one - I'm burning the chntpw to disc and it's asking for 4 discs, is this correct?

  Fruit Bat /\0/\ 13:14 03 Jun 2017

is a small Windows password removal utility that can run from a CD

No, it should easily fit on one CD.

  MJS WARLORD 15:45 03 Jun 2017

I think I know the answer to how you got hit... I use antimal and it never tells me to update and reboot, the program updates itself before it does a scan... By the way, does he have the genuine antimal... I have seen a screenshot in another magazine showing fake antimal and the only clue is a not so obvious spelling mistake in the name...

Once the PC is up and running again I would strongly recommend you use the PC's recovery software to reset it to a never used state as this is the only way you can 100% guarantee all the nasties you can't find have been removed.

  [DELETED] 16:15 03 Jun 2017

Another thing to be aware of, if Windows 10 or 8 and he uses his email address and password to log in, is to change that as soon as possible. Log in here on another PC and click on the name top right. Click account settings and change the password. If he has no data that's important (assuming backups) then a clean install of Windows might be the answer.

  bob dob 13:29 04 Jun 2017

Thanks all. Back on it today - It's Windows 10, I've never used this before so here we go ;) When it's booted it goes to a blue screen of 'choose an option' but all options apart from the 'Reset the PC' just restart it (haven't tried the 'reset the PC' yet, as I don't want to wipe his data). Similar thread here but don't know if the answers there are appropriate? click here

  Fruit Bat /\0/\ 13:47 04 Jun 2017

Assume you have this screen?

  bob dob 14:51 04 Jun 2017

I have: Reset this PC, Recovery manager, Advanced options, but haven't explored yet as not my PC. You suggest Reset this PC?

This thread is now locked and can not be replied to.
