Author Topic: Buttoning down a W7 box  (Read 1419 times)

Tim Hall

  • Victoria is my queen
Buttoning down a W7 box
« on: 31 May, 2017, 08:56:36 pm »
The Aged P runs a W7 box for internet spodding, email and a bit of photo storage.

Bad People tried, almost successfully, to relieve him of some money this afternoon by means as yet to be established. Fortunately the bank were on their toes but the machine is compromised (and switched off).  A clean install is on the cards, but what other steps can be taken to help prevent a re-run?  (He got taken for a couple of grand a few years ago, but the bank refunded him).

Should we be getting him to run an account with no/few admin rights, that sort of thing?  He has Microsoft Security Essentials (I think). He did have SpyBot S&D (free version) but I took it off, as it was about 18 months out of date and I assumed, maybe wrongly, that the Microsoft product would be enough.
There are two ways you can get exercise out of a bicycle: you can
"overhaul" it, or you can ride it.  (Jerome K Jerome)

Re: Buttoning down a W7 box
« Reply #1 on: 31 May, 2017, 09:38:16 pm »
Was it phishing, i.e. he got an email saying click on this link and enter your personal and bank details?

I doubt the computer was hacked or infected with malware.

Tim Hall

Re: Buttoning down a W7 box
« Reply #2 on: 01 June, 2017, 08:28:46 pm »
It seems it was infected. Or it is now.

His browser flashed up a (fake) warning message, saying call this 0845 number now, your machine is compromised. Which he did, and was, sadly, easily talked into installing some remote control software. I'd say he had some malware onboard to allow the warning message to come up, unless he was browsing some flaky site or other. Anyway, dusting off and nuking is going to happen. I've recovered his data*, by using a Ubuntu live DVD and an external HDD. Poking around I found a whole new user profile had been set up by the scammers. There's also a log file for the remote control software, but it doesn't give useful info like "Scammer at 27 Scammer Ave, Scumbag logged on at 1537", merely a user number. Could be useful to the rozzers I suppose, so I'll copy that file for them.

* Stuff me, Windows Photo Gallery tucks the images well away under the bonnet, doesn't it.
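The poking around described in the post above (a live-DVD session, a look at which profiles exist and where the remote-control software left its logs) can be scripted so it is done the same way every time and before the disk is wiped. The script below is an added example, not something from the thread or from any tool mentioned in it. It assumes the Windows volume is mounted read-only under a Linux live session (the mount path is passed as the only argument), that GNU coreutils/findutils are available as on an Ubuntu live DVD, and that the list of remote-control tool names is merely illustrative: it holds products support scammers commonly talk victims into installing, and you should extend it with whatever you actually find on the box.

```shell
#!/bin/sh
# Added example: first-pass triage of a Windows volume mounted read-only
# under a Linux live session, run before the disk is nuked.
# Usage: sh triage_w7.sh /media/ubuntu/WINDOWS
# Assumes GNU coreutils/findutils (as shipped on an Ubuntu live DVD).

# list_profiles MOUNT
# One line per user profile under Users\, oldest first:
#   <last write of NTUSER.DAT>  <profile name>
# The hive's mtime is a rough "last session" time; the profile directory's
# mtime is the fallback when no hive exists. Built-in profiles are skipped.
list_profiles() {
  mnt=$1
  for d in "$mnt"/Users/*/; do
    [ -d "$d" ] || continue
    name=$(basename "$d")
    case "$name" in Public|Default|"Default User"|"All Users") continue ;; esac
    ref="$d/NTUSER.DAT"
    [ -f "$ref" ] || ref=$d
    printf '%s\t%s\n' "$(date -r "$ref" +%Y-%m-%dT%H:%M:%S)" "$name"
  done | sort
}

# find_remote_tools MOUNT
# Paths under the usual install locations whose names match remote-control
# tools. The name list is an assumption for illustration; add whatever the
# scammer actually used once you have identified it.
find_remote_tools() {
  mnt=$1
  for tool in TeamViewer AnyDesk LogMeIn Supremo Ammyy UltraViewer ScreenConnect GoToAssist; do
    find "$mnt/Program Files" "$mnt/Program Files (x86)" "$mnt/ProgramData" "$mnt/Users" \
         -maxdepth 5 -iname "*$tool*" 2>/dev/null
  done | sort -u
}

# tool_logs MOUNT
# Text and log files inside the matched tool directories. These are the files
# worth copying off for the police: a connection log typically records remote
# IDs and timestamps, not a name and address.
tool_logs() {
  find_remote_tools "$1" | while IFS= read -r p; do
    [ -d "$p" ] && find "$p" -type f \( -iname '*.log' -o -iname '*.txt' \) 2>/dev/null
  done | sort -u
}

# Only run the report when a mount point is given; the functions above can be
# sourced and called individually.
if [ $# -ge 1 ]; then
  echo "== profiles (last hive write, name) =="; list_profiles "$1"
  echo "== remote-control tool paths ==";       find_remote_tools "$1"
  echo "== candidate logs to preserve ==";      tool_logs "$1"
fi
```

Mount the volume read-only (for ntfs-3g that is `-o ro`) before running this, so the timestamps you are reading are not the ones you just changed; copy the listed log files, along with the output itself, to the external drive with the recovered photos. A profile that nobody in the house recognises, or a hive write time that lines up with the phone call, is the evidence worth keeping.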

Re: Buttoning down a W7 box
« Reply #3 on: 01 June, 2017, 09:21:43 pm »
I'd be tempted to reformat it and stick Linux on it if it's just for web browsing and email.
Won't totally protect against a phishing attack but it will be a lot less susceptible to them installing malware on it.
Just put two icons on the desktop and rename them "Internet" and "Email", job done.
I think you'll find it's a bit more complicated than that.

Re: Buttoning down a W7 box
« Reply #4 on: 02 June, 2017, 11:15:51 am »
You could always follow the CESG guidance https://www.gov.uk/government/publications/end-user-devices-security-guidance-windows-7/end-user-devices-security-guidance-windows-7 :)

A lot of that applies to domain/enterprise environments though....

Tim Hall

Re: Buttoning down a W7 box
« Reply #5 on: 05 June, 2017, 03:54:43 pm »
I'd be tempted to reformat it and stick Linux on it if it's just for web browsing and email.
Won't totally protect against a phishing attack but it will be a lot less susceptible to them installing malware on it.
Just put two icons on the desktop and rename them "Internet" and "Email", job done.
This has been done.
"Dad, I'll put a different operating system on it. The stuff that makes it work. It's called Ubuntu"
"Is that Linux?"

Go Dad.

Afasoas

Re: Buttoning down a W7 box
« Reply #6 on: 06 June, 2017, 12:29:57 pm »
FWIW (probably too late now) I think Mint is slightly easier on those coming from Windows XP/7.