Help unlocking my grans phone and laptop after scam call
Discussion
Evening all,
I wonder if anyone has any ideas on how to get a Samsung and a Windows laptop unlocked after a scam caller talked my gran in to letting him have access. It sounds a bit like they rang pretending to be from BT and they were checking her internet perfomance. They then asked her to turn on her laptop and the press CTRL and R. They then show her some bulls**t about how many errors there were and that they could fix it. Somehow they kept her at it for 2 hours! The end result was them seemingly not getting anything, but my gran has warned her bank etc. They have however added a password to her laptop and a pin code to her phone. Both of which are now unusable. Its a long time since I did any PC fiddling, my first idea was to press esc/f1 while the bios was loading (I told you it was a while!) so I could try and run in safemode but alas when you turn the laptop on the first thing you see is the password screen. Does anyone now what they may have done in this scam? Do they just use some sort of remote desktop and just have a mooch about and try and gather password or is there any virus/malware involved. The only thing she really cares about is photos which may be on the laptop and phone of all the grandkids. I guess worst case with the laptop I can pull the HDD out and use a usb adapter and get them that way, and I do the same with the phone by taking out the SD card and hope everything is stored on the card and not the phone. The only thing that does concern me is whether there is any danger to any PC that I connect the HDD or the SD card to.
Shes not really that bothered about using the laptop again, shes never really been much good on it but is ok with her phone, so with he dodgyish eyesight I suggest I get her a tablet instead, and I'll get her cheapy smartphone to replace her samsung. It would just be nice to get back any pictures shes got stored on the laptop and phone without infecting my laptop.
Cheers
I wonder if anyone has any ideas on how to get a Samsung and a Windows laptop unlocked after a scam caller talked my gran in to letting him have access. It sounds a bit like they rang pretending to be from BT and they were checking her internet perfomance. They then asked her to turn on her laptop and the press CTRL and R. They then show her some bulls**t about how many errors there were and that they could fix it. Somehow they kept her at it for 2 hours! The end result was them seemingly not getting anything, but my gran has warned her bank etc. They have however added a password to her laptop and a pin code to her phone. Both of which are now unusable. Its a long time since I did any PC fiddling, my first idea was to press esc/f1 while the bios was loading (I told you it was a while!) so I could try and run in safemode but alas when you turn the laptop on the first thing you see is the password screen. Does anyone now what they may have done in this scam? Do they just use some sort of remote desktop and just have a mooch about and try and gather password or is there any virus/malware involved. The only thing she really cares about is photos which may be on the laptop and phone of all the grandkids. I guess worst case with the laptop I can pull the HDD out and use a usb adapter and get them that way, and I do the same with the phone by taking out the SD card and hope everything is stored on the card and not the phone. The only thing that does concern me is whether there is any danger to any PC that I connect the HDD or the SD card to.
Shes not really that bothered about using the laptop again, shes never really been much good on it but is ok with her phone, so with he dodgyish eyesight I suggest I get her a tablet instead, and I'll get her cheapy smartphone to replace her samsung. It would just be nice to get back any pictures shes got stored on the laptop and phone without infecting my laptop.
Cheers
If they've encrypted the drives on both devices then there's little chance of getting access without the encryption key. There's a reasonably good chance they've done this, bit then scammers vary quite significantly in their quality.
Can you post a picture of the password screen and then it might give a better idea of what you're dealing with.
Can you post a picture of the password screen and then it might give a better idea of what you're dealing with.
Unfortunately I left the phone and laptop at her house and I've just got home. I left them there intentionally, not knowing whether my gran had ever connected either to the wifi in my house as I didnt want anything nasty running amuck on my network. As far as I remember though each device just just showed the standard pin/password screen. The laptop did show "Lifetime Blocked" but that just seemed to be the username that they had used when they turned the password on, ie, instead of saying "Bob" it says "Lifetime Blocked", I guess it helps scare people. Actually thinking about it, the only other difference was it you clicked "reset password" it asked me to insert a USB flashdrive.
You were right to leave the devices there, or at least to not connect them to any network, ever.
It's unfortunate but going on what you've said you can never trust either device ever again. Keep them offline and then factory reset/reformat is the only safe way you could ever use them. Even if you can log on I wouldn't trust them to not send every keystroke to some dodgy server, somewhere.
It's unfortunate but going on what you've said you can never trust either device ever again. Keep them offline and then factory reset/reformat is the only safe way you could ever use them. Even if you can log on I wouldn't trust them to not send every keystroke to some dodgy server, somewhere.
What I may try is dig my old-old laptop that can barely wheeze itself into life, and try and plug the hdd from the laptop and the SD card from the phone into that with any wifi turned off and see if I can reclaim any of the pictures. If we assume the worse and there is a key logger on the hdd or the sd card, would a free antivirus software on my laptop pick up/remove it?
Ultimately if shes lost the pictures its not the end of the world, most would only we ones that we have sent her so can always resent. The only ones I'm not sure of are things like old holiday snaps, but lets be honest, how many of us actually bother looking at them after we've come back and shown the rest of the family!
Ultimately if shes lost the pictures its not the end of the world, most would only we ones that we have sent her so can always resent. The only ones I'm not sure of are things like old holiday snaps, but lets be honest, how many of us actually bother looking at them after we've come back and shown the rest of the family!
extraT said:
What device is the phone? I guess there wasn’t any cloud back up (like iCloud or Google Drive) on there, where pics were backed up?
Good luck.
Some sort of Samsung, but I can't imagine shes got any backup setup on it unfortunately. Like all of us, probably never thought she would lose access to her data. Good luck.
james6546 said:
Is there an option to switch the user on the laptop?
I'm wondering if they just created a new user.
In the past I've used a tool to create a bootable version of Windows on a USB drive which you might be able to do. It's been years since I've tried though
Thats the sort if thing I think they've done. But I think they may have just changed her username to Lifetime Blocked so theres still only 1 user. I wonder if I can create a bootable using either my laptop or PC on a sacrificial sd card any try that.I'm wondering if they just created a new user.
In the past I've used a tool to create a bootable version of Windows on a USB drive which you might be able to do. It's been years since I've tried though
I'm away from tomorrow for the weekend so It'll have to wait until next week, but at least I've got a couple of things I can try. Thanks guys.
Oh and I've just ordered her a Fire 10 tablet and a cheapy LG phone so at least shes be up and running again. She usually texts us all every day or so to keep in touch, but until her new phone comes shes either have to ring us or god forbit have a conversation with my gramp!!
I have used this bootable cd tool a few times to wipe unknown windows passwords and get back into PC's:
https://pogostick.net/~pnh/ntpasswd/
It basically removes the user password so you can login without it. Not updated since 2014 but I bet it still works.
https://pogostick.net/~pnh/ntpasswd/
It basically removes the user password so you can login without it. Not updated since 2014 but I bet it still works.
typically these scam are calls from "Microsoft support" and get the victim to install some kind of software, usually at a cost to them, to solve lots of errors. This ends up with the victim having pointless software installed, the sweatshop knows they are a good victim and has remote control to the device and then call up again to make more "fixes" and charge more money.
are you suggesting that there is a password screen on the laptop now? Is it the Windows home screen or is it some overlay? Some scams basically involve loading a "lock" screen demanding some payment as well.
she should block and change her credit card as I assume she gave them the number.
I do not expect them to have encrypted her documents or anything.
Also what appears to be up with the Android phone? There is no mention of that.
are you suggesting that there is a password screen on the laptop now? Is it the Windows home screen or is it some overlay? Some scams basically involve loading a "lock" screen demanding some payment as well.
she should block and change her credit card as I assume she gave them the number.
I do not expect them to have encrypted her documents or anything.
Also what appears to be up with the Android phone? There is no mention of that.
The laptop does just seem that theyve just changed the user name and added a password whereas the laptop used to just boot directly to the desktop.
Her phone is now basically the same. She's never had a pin code on it, but not it has. I don't think they directly asked her for any money, I think they're were just trying to get in to any banking apps on the laptop and phone. She rang her bank and cancelled everything and get bank did say that someone had tried accessing it but had been blocked.
Thank you everyone else for the bootable disk tops, I'll have a look into it and see if I can recover some of the pictures. But if anything looks like it may be infectious I'll have to leave it.
Her phone is now basically the same. She's never had a pin code on it, but not it has. I don't think they directly asked her for any money, I think they're were just trying to get in to any banking apps on the laptop and phone. She rang her bank and cancelled everything and get bank did say that someone had tried accessing it but had been blocked.
Thank you everyone else for the bootable disk tops, I'll have a look into it and see if I can recover some of the pictures. But if anything looks like it may be infectious I'll have to leave it.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff