Remote desktop onto compromised machine?

[Caimbeul2000]

Hi,

A bit of a pickle - a young person with special needs that my wife and i used to care for has been called by some scammers claiming to be from her ISP and that her router had thousands of errors and that they needed her to do some things on-line with her computer so they could fix them (i know...). She did do a lot of what they have said including confirming memorable info!
Anyway she did call me not long after the call with them and mentioned it and her machine was doing things she thought was a bit wierd. After only a few seconds of her explaining i told her to do a hard power off to terminate whatever was going on. Now aside from dealing with this situation outside, i have no idea what has gone on with their laptop. They live around 200 miles away so popping over to get it isnt an immediate solution. Would it be safe for me to remote onto her machine using chrome remote desktop to try and ascertain what might have been done, run scans etc?

Thanks

[b0redom]

Not really. As soon as she connects the laptop to the Internet so you can connect, I suspect whoeve the scammers were will also have access.

[Jonj1611]

If she can follow your instructions maybe post her a bootable usb of linux or something that you can connect to via teamviewer or whatever and clean the windows partition from there. Its a bit long winded but probably safest route apart from actually being there

[Kumagoro]

Keep it off the network and video chat. Then you can tell them what to do easier.

First things first look at uninstall software and click on order by date and see if there is anything obvious remote wise and then uninstall it. These scammers don't tend to use sophisticated hidden programs to gain access. If you find stuff and remove it I reckon it is okay to then put it back on the network and for you to remote in and give it a proper once over.

[smargh]

Turn off the router, turn on the laptop, then... I'm not sure, it depends. Maybe the easiest option for guiding them through it would be to do a system restore to a date before the incident?

[jimbouk]

Not sure what they do with these machines once they have access? Assume all personal info has been lifted already and they just continue to sniff for more passwords, bank details, etc. Can't imagine it gets put on a botnet or anything like that, and if the hard-drives been encrypted then that's that.

Think one of the last two might be worth a punt - hopefully something obvious that can just be uninstalled.

Was a news article recently about a scammer who dialled the Australian Cyber Crimes unit (I think) which had some details about what was done, see if I can find it.

[jimbouk]

Here we go: https://www.theregister.com/2020/11/...cam_intercept/

[AGTDenton]

Not sure what they do with these machines once they have access? Assume all personal info has been lifted already and they just continue to sniff for more passwords, bank details, etc. Can't imagine it gets put on a botnet or anything like that, and if the hard-drives been encrypted then that's that.

Think one of the last two might be worth a punt - hopefully something obvious that can just be uninstalled.

Was a news article recently about a scammer who dialled the Australian Cyber Crimes unit (I think) which had some details about what was done, see if I can find it.

Just to add to this, a youtuber goes after these scammers and has managed to infiltrate a number of them
https://www.youtube.com/channel/UCBN...AprVcZZ3ic84vw

He really goes into detail and gives a lengthy insight as to what the scammers are doing. Worth a watch of a few episodes for the education & awareness side of it. He has great tricks up his sleeve and has managed on several occasions to get into the scammers PC.



Kumagoro hits the nail on the head.
You will have to get them to use a phone or tablet, something with a camera separate from the plagued PC in order for you to see their screen and direct them to uninstalling nasties & scanning the PC. They may have to download tools onto another machine, transfer to USB in order to run a scan.