Friend allowed scammers on laptop - help!

  bob dob 15:23 31 May 2017
Locked

Hi all. A good friend told me yesterday that he's been trying to get BT out to fix his router. Unfortunately he was phoned on the weekend by some scammers who claimed they were from BT and he allowed them remote access to his laptop and they downloaded some software. At the point that they asked him to log on to his internet banking he hung up and uninstalled the software.

I urged him to update and run Malwarebytes and SuperAntiSpyware as well as his Avast antivirus.

He's told me that he ran the MalwareBytes scan and it didn't find anything but it then asked him to update it. He did, then it asked him to reboot. He did and upon restart it is asked him for the admin password, he put it in but now can't get it to safe mode or to progress in to windows at all.

Any ideas, please?

  Belatucadrus 15:31 31 May 2017

Have a look at these.

Click Here

  Jollyjohn 16:13 31 May 2017

If he can't boot to Windows then I suspect the scammers have put their own password on the PC. Go here click here download and burn to a cd. Boot from CD and accept the defaults in most cases. Make notes in case you need to run again. The option you are looking for is to "Clear the admin password" under your friends username.

Will check back in the morning to see how you are getting on.

  bob dob 10:38 03 Jun 2017

Sorry for the delay, couldn't get to this until now. I will get on this today, thank you for the excellent help so far....

  bob dob 11:08 03 Jun 2017

Quick one - I'm burning the chntpw to disc and it's asking for 4 discs, is this correct?

  Fruit Bat /\0/\ 13:14 03 Jun 2017

is a small Windows password removal utility that can run from a CD

no it should easily fit on one CD.

  KEITH 1955 15:45 03 Jun 2017

i think i know the answer to how you got hit... i use antimal and it never tells me to update and reboot , the program updates itself before it does a scan.... by the way , does he have the genuine antimal ... i have seen screen shot in another magazine showing fake antimal and the only clue is a not so obvious spelling mistake in the name....

once the pc is up and running again i would strongly recommend you use the pc's recovery software to reset it to a never used state as this is the only way you can 100 % guarantee all the nasties you cant find have been removed.

  bob dob 13:29 04 Jun 2017

Thanks all. Back on it today - It's Windows 10, I've never used this before so here we go ;) When it's booted it goes to a blue screen of 'choose an option' but all options apart from the 'Reset the PC' just restart it (haven't tried the 'reset the PC' yet, as I don't want to wipe his data. Similar thread here but don't know if the answers there are appropriate? click here

  Fruit Bat /\0/\ 13:47 04 Jun 2017

Assume you have this screen?

  bob dob 14:51 04 Jun 2017

I have: Reset this PC Recovery manager Advanced options but haven't explored yet as not my PC. You suggest Reset this PC?

  Fruit Bat /\0/\ 15:32 04 Jun 2017

Rest this PC may or may not allow you to keep data.

Not sure what recovery manager will do but sounds like it will reset it back to factory settings thus losing the data

Advanced options is usually where you get to the reset screen so a little confusing.

Personally I would have booted using a live linux distro from a DVD or USB and backed the data up using that. Or connected the drive to another PC using a Caddy or direct to motherboard and backed up the data before attempting any reset.

You stated earlier that all other options just restarted the machine.

click here download and make the boot media and boot from that and see if other options work then.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best Camera Phones 2019

How can good design help millennials fall in love?

iMac 27in (2019) review

Comment identifier le modèle de son iPad ?