Windows 8 Doing a System Restore on a Windows 8.1 machine after Phone Scam

[JohnTLC]

Hi there guys,

A friend of mine was taken in this afternoon on a scam phone call. The person who rung up told him that he had trojans on his computer and they were killing the websites he was going too. If he paid the scamers $250 they would remove them for him. You get the picture....

Have way through, his son called me and told me what was going on, the first thing I told him to do was pull the connection from the internet, which was done.

His son then tried to go back on the computer, he could not get into the main account, but there was a guest account active on the computer.

SO question. If I go into the Guest account and do a system restore will this remove all the crap and restore the computer back so that he can get back in and retrieve his documents and pictures, or is there another way to deal with this problem.

Thanks for any advice and help.

Kind regards
John

 

[patcooke]

You can never be certain just what was installed so can never be certain you have cleaned the pc. You should not allow the pc access to the internet until you have done the following:

1. Disconnect the pc from the internet.
2. Back up all personal data files.
3. Run a full system recovery (not restore).

This will reset the pc back to factory setting and is the best way to be certain of undoing whatever damage was done.

 

[JohnTLC]

Hi there Pat,

Thank you for that information, is there a way to back up the files before we go back to the factory setting?

I can not belive he got taken in like this.

Kind regards
John

 

[patcooke]

Just navigate to the folders where they are stored (be default they will be in the C drive in the users folder under the user's name). Copy the folders required to an external hard drive.

 

[MikeHawthorne]

Hi

Here I go again, but everyone should make a backup image of their C:\drive just in case something like this or a crash happens.
I use EaseUS TODO free backup, it works great, it's really easy to use, it makes it's own recovery DVD CD and It's FREE.

You can use whatever software you want but do make a system image file when you get it back up and running.

And Pat is right the only sure way is to do a factory reset.

If you can boot the computer, and everything works make sure it's not connected to the net, and copy all of the files to a backup external hard drive or DVDs.

If you can't boot the computer, then create a Ubuntu disk boot your computer from that and backup the files.

Mike

I see Pat got back here just before I posted this.

http://www.ubuntu.com/download/desktop/

 

[JohnTLC]

Thank you Pat
Thank you Mike.

I do not understand why people do not take the time to back up there files. It is madness, every night we backup all our work that we have done throughout the day, and it is sent off site. But that is us and the guy I am trying to help now.

I need to do a remote access to the computer to do the backups etc, do you think I could get away with this, as I will be going in on another account and not the original account which has been hacked by these people?

Any help and advice would be very helpful at this point before I start work in the morning.

Kind regards
John

 

[patcooke]

If remote access is the only way to get the data of the pc then needs must but I would prefer not to have any internet connection until the data is off and trhe pc fully reset to factory. If the volume of data is large then you will need a lengthy connection time to transfer it all.

 

[JohnTLC]

Hi Mike, it sounds like the guy has used the computer as a family machine, yes there will be loads of images which I will need to keep for him, but music files etc he should be able to get again. I am keeping my fingers crossed.

 

[MikeHawthorne]

Hi

I'm assuming that there are too many photos to make it practical to copy them to DVDs?
About 300 per DVD at 15mb each, music files a lot more, probably a thousand or more per disk.

External hard drives are pretty cheap now as well, and it would be a lot faster then over the net.

Mike

 

[JohnTLC]

Hi there Mike,

Thank you for your thought and feedback. In the end I went of to my friends, dads house and did the work over there. What a mess they had made of his computer. But he now has a new computer (well the sort of) I cleaned off the the computer after taking off all the images (730 in all) not that meany then reformatted the computer back to the factory settings. He (When I left) was looking at a new Windows 8.1

Thank you to you both for your advice last night.

All the very best and stay safe.

Kind regards
John

 

[MikeHawthorne]

Hi

I'm glad to hear you got it all cleaned up.
I'm 76 and a geek so I end up having to clean up the mess that all of my non geek 65+ friends make of their computers.

I usually set them up to start with when they buy a new one, and I partition the hard drive and then make a system image on the new partition when I'm done, so that I can recover it easily when they get it messed up.

I've even made a video that I place on their computer desktop explaining the basics for some of them, but they still call me and ask where their files are.

Mike

 

[JohnTLC]

Thank you Mike for your kind words. This is going a little off message really but my father in law was 80 when he go his first computer. Then we had the phone call, as he found a brothel in Australia, when he was looking up something on the net, we think he was looking at an Australian newspaper and ended up seeing all these pictures. He said, "I did not know that kind of thing was on the internet".

All the very best for now, and thank you once again.

Kind regards
John

 

[eskimoshoog]

Thankyou from me also for all the solid advice