The details of this are sketchy at the least but I'll try my best.
The Laptop belongs to a local businessman/friend of mine. He's getting on a bit now, not really pc savvy but he can scrape by. He rang me a fortnight ago today in a panic, some Indian guy claiming to be from BT phoned him saying someone was gaining access to his wifi. :sneaky:
When the guy started talking Bank details my mate got wise and told him no chance and tried to close the call. Here's the weird part, according to my mate he couldn't stop this call and resorted to removing the sim (iphone 7). Perhaps he just couldn't turn it off in his panic. I asked him if he let them take control of his laptop and he said no but he could see they were doing something with it.
He brought it to me today as it's now asking for a system repair (win 10) which obviously won't work. When I try advanced options to boot in safe mode it asks for a password, he never used one. Trying system restore only showed 2 restore points from 3 days ago which won't work either. I checked his hd for malware (ok) and copied/saved his personal data and came across Teamviewer which he denies installing.
The logfile looks very interesting though if I really understood it, looks like some real dodgy stuff went on last week. Would appreciate it if one of our trusted members who has the skills could decipher it for me. I know it's probably going to have to be a "nuke and pave" but the required password may be hidden in that logfile.
Just thought to add that Teamviewer connected to his laptop 5 times between the 7th and 14th of this month.
The Laptop belongs to a local businessman/friend of mine. He's getting on a bit now, not really pc savvy but he can scrape by. He rang me a fortnight ago today in a panic, some Indian guy claiming to be from BT phoned him saying someone was gaining access to his wifi. :sneaky:
When the guy started talking Bank details my mate got wise and told him no chance and tried to close the call. Here's the weird part, according to my mate he couldn't stop this call and resorted to removing the sim (iphone 7). Perhaps he just couldn't turn it off in his panic. I asked him if he let them take control of his laptop and he said no but he could see they were doing something with it.
He brought it to me today as it's now asking for a system repair (win 10) which obviously won't work. When I try advanced options to boot in safe mode it asks for a password, he never used one. Trying system restore only showed 2 restore points from 3 days ago which won't work either. I checked his hd for malware (ok) and copied/saved his personal data and came across Teamviewer which he denies installing.
The logfile looks very interesting though if I really understood it, looks like some real dodgy stuff went on last week. Would appreciate it if one of our trusted members who has the skills could decipher it for me. I know it's probably going to have to be a "nuke and pave" but the required password may be hidden in that logfile.
Just thought to add that Teamviewer connected to his laptop 5 times between the 7th and 14th of this month.
Last edited:
roud:
