I would say that you didn't want to do that!


rans6andrew
15th Aug 2017, 11:43
A seemingly sane, logical, intelligent chap we know rang up in a panic last evening. He had received a phone call purporting to have come from Microsoft technical and telling him his computer was being attacked. Bizarrely he got sucked in and has been persuaded to part with more money than the laptop cost to prevent his machine being locked up. Doh.

I don't know exactly the sequence of events except that he was directed to turn on the machine and do stuff which has resulted in said machine being locked up. Stuffed.

He says that when powered on it comes up with something about "keyboard" that he doesn't understand. Nothing responds.

He doesn't do much stuff on the machine but we have trained him to keep all of his (few) personal data files on a couple of memory sticks so he might not have lost any important documents.

The machine is a 4 year old Samsung i7 laptop, originally with Win8 but since upgraded to Win10.

Where do we start to unravel this and rebuild?

I can remove the HDD and plug it into a caddy which I can use on either Win7 or Linux Mint platforms. This might allow me to see what is on the HDD but I don't know what I am likely to see or what to look for. Both of these machines can be rapidly rebuilt if anything bad happens as neither has any data which I don't have stored elsewhere. Neither of these machines needs to be networked or WWW connected.

Thanks for looking, do any of you want to rise to the challenge?

PDR1
15th Aug 2017, 11:50
To be honest I think it's one of the occasions when it's best to seek trusted professional help to ensure that all the possible back-door techniques have definitely been expunged. I had to do the same a few years back when my late mother fell for just such a scammer, and the specialist showed me the nine different "hooks" that the scammer had installed. The chap I used is a local whose main business is providing IT support to tiny companies - he's just over the valley from me. If you don't have anyone local that you know about I guess you might be quite close (Berkshire's border isn't that far from me), so if you want his details drop me a PM.

andytug
15th Aug 2017, 13:16
If there's nothing on the laptop that needs retrieving then I would just go straight for a factory reset (there'll be an F key you press at startup for it, differs from one manufacturer to another). Trying to rid a machine of unknown nasties is a long job and you'll never be 100% sure they're gone.
If there is stuff to retrieve then HDD in external caddy (preferably on Linux) would be best/quickest probably.

le Pingouin
15th Aug 2017, 14:19
Personally I'd boot with a live Linux CD/USB to see what's recoverable. Replace the drive if you want to retain it for possible later recovery or want to ensure the laptop is clean. Assuming they haven't tampered with the firmware.

Now might be a good opportunity to replace the drive with an SSD and simply install Win10 - there's no need to install Win7 first.

rans6andrew
15th Aug 2017, 14:28
I have Win7 and Linux disks but the only copy of Win10 we have is on the stuffed drive. Now you have to pay for Win10... The original Win8 we have is on another partition of the stuffed drive.

Be a shame to have to buy an OS given that one was already paid for on the machine.

le Pingouin
15th Aug 2017, 15:11
MS keeps a hardware "fingerprint" of installations that have "digital entitlement" to Win10 (derived from upgrading from a valid Win7/8 installation) and uses this to "authenticate" a re-installation. All you need is the installation media for the right version, language & bitness of Win10. I've reinstalled Win10 on laptops that had been upgraded from Win7, then wiped.

Go here using a non-Windows computer to download an ISO. If you use a Windows computer it downloads a tool that gets rather annoying.

https://www.microsoft.com/en-au/software-download/windows10

rans6andrew
15th Aug 2017, 17:36
I have the machine that is stuffed here now and another one like it which is still on Win8. I just intercepted the BIOS on the Win8 one and find that booting from a memory stick (actually it will be an SD card) is not one of the options available in the boot priority list. It offers boot manager (whatever that is), the hard disk or the DVD ROM drive. Will the memory stick option come up if one is inserted?

I am just putting Linux Mint onto a SD Card, am I wasting my time?

le Pingouin
15th Aug 2017, 18:08
Not sure about SD cards but usually there needs to be a USB drive plugged in for it to show as a boot option.

aerobelly
15th Aug 2017, 19:02
Not sure about SD cards but usually there needs to be a USB drive plugged in for it to show as a boot option.

SD cards are fine, just need to get into the BIOS and enable boot first from "other" depending on BIOS nomenclature or interrupt the boot process to get to "select boot medium". All my computers are set to boot first from USB/SD then DVD and last from internal disk. If it is a fairly modern machine with UEFI "legacy boot" may have to be enabled for some Linux variants.

R6A I've been a Linux user since 1993 so PM me if you need help.

Saab Dastard
15th Aug 2017, 20:21
Andrew,

If you know the exact model you should be able to find the user manual on Samsung's website which will guide you through the BIOS settings and options. You can also ensure that you get the latest firmware and drivers while you are there.

As le Pingouin says, it sounds like the perfect opportunity to put in a newer, larger, faster, SSD disk to replace the "possibly infected" one, which you can keep in case you need to recover any files from (but not boot off).

SD

rans6andrew
15th Aug 2017, 20:58
I have tried all of the perms and combs of secure boot, boot options, legacy and UEFI as far as I can see. It still fails to offer me an option to boot from anything except Windows boot manager (P0: ST1000LM024 HN-N101mbb). There were two other options which I think were the CD ROM and the HDD but they went missing when I changed to UEFI only and then back to UEFI and Legacy. An example of "how to" I saw on the WWW showed many more devices to choose from but I can't persuade them to show themselves.

I have put a Linux boot SD card in the slot but it doesn't offer me it?

If I intercept boot with F10 it offers me the Boot Manager, the CD ROM and the HDD. There still is no option to select SD card boot source.

Saab Dastard
15th Aug 2017, 23:08
Please tell us the model details of the laptop.

SD

le Pingouin
16th Aug 2017, 07:32
I'd try using USB instead - it appears many laptops won't boot from SD card.

rans6andrew
16th Aug 2017, 08:58
The laptop is a Samsung NP350V5C.

I have the hard disk out of the machine to allow interrogation by my Linux machine using a caddy.

The working one prompted me to install updates last evening and I let it, thinking it would be ready to play again by the time I had finished my dinner. NO. Two hours later it was un-installing the updates as it had failed to re-boot the first time. It did this twice so I left it (as advised - do not switch off) and went to bed. Seems to have sorted itself out as it is working this morning.

le Pingouin
16th Aug 2017, 09:30
It's hard to tell but given the boot options screen listing I'd say no-go with the SD card option.

Saab Dastard
16th Aug 2017, 16:36
Andrew,

On page 86 of the user manual the boot order options are listed. If the laptop can boot from the SD card, you would need to have set the priority such that USB HDD is the first device in the list, as that is how an SD card would appear to the system (assuming that boot from SD card is supported at all).

SD

rans6andrew
16th Aug 2017, 21:02
Just checked, I thought I might fool it by putting the SD card into the USB disk caddy so it appears to be a USB memory device. It still doesn't list it.

When I try to read the hard disk (removed from the machine) on my Linux machine it comes up as half a dozen "directories" of which only one "mounts" and can be accessed, I assume that they are all partitions on the drive.

le Pingouin
17th Aug 2017, 07:04
I'd suggest trying "fdisk -l" to see what you've got.

rans6andrew
17th Aug 2017, 14:09
Last evening I got impatient and, having failed to find any form of boot using a USB plug in (SD card in an adaptor, hard disk in a caddy, USB stick, all with Linux Mint bootable) I plugged the removed hard drive into a Win7 netbook using the caddy and went inside. The backup partition was not visible but I think I saw everything else. I searched for all spreadsheet files, text files etc and found none that needed saving away. Searched ALL Files with mod, create or access on the day the poop hit the vanes and deleted the lot.

After replacing the drive in the stricken machine it still didn't want to play (no surprise) so I hit F4 and did a reinstall to 2013 status Win 8. It Lives!

I have been pushing it to gather all of the updates and security fixes today. It is getting there.

The lying cheating b'std that rang up and started all of the trouble rang again today! How stupid is that? Didn't withhold number but probably didn't provide his own number. The credit card folk must know who/where he is if the money is actually going to get to him. Perhaps they will do something about these scams? No, I thought not.
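An added example, not from any poster in this thread, covering both le Pingouin's "fdisk -l" suggestion and the approach of hunting down files touched on the day of the scam call. It mounts the removed drive read-only so nothing on it can run or be altered, then lists files modified on a given calendar day for review rather than deleting them blindly. The device path /dev/sdb2, the mount point /mnt/suspect and the demo file names are assumptions; the demo directory tree is constructed on the fly. It needs GNU find, date and touch (standard on Linux Mint); the mount step needs root.

```bash
#!/bin/sh
# Added example (hypothetical paths): triage a suspect Windows drive from Linux
# without changing it, then list files modified on the incident day.

# Show the partitions on the removed drive (what "fdisk -l" reports), then mount one
# read-only with noexec/nosuid/nodev so nothing on it can execute or be modified.
# $1 = device (e.g. /dev/sdb2, assumed), $2 = mount point (e.g. /mnt/suspect, assumed).
mount_suspect_ro() {
    dev="$1"
    mnt="$2"
    fdisk -l "${dev%[0-9]*}" 2>/dev/null          # partition table of the whole disk
    mkdir -p "$mnt" && mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# List regular files under $1 whose modification time falls on calendar day $2
# (YYYY-MM-DD, local time). Output is "date time<TAB>path", sorted, so the list
# can be reviewed (and known-good documents kept) before anything is removed.
list_modified_on_day() {
    root="$1"
    day="$2"
    next=$(date -d "$day + 1 day" +%Y-%m-%d) || return 1
    # -newermt: mtime after the start of $day; ! -newermt: not after the start of $next
    find "$root" -type f -newermt "$day" ! -newermt "$next" \
        -printf '%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null | sort
}

# Number of files modified on that day (handy as a quick "anything happened?" check).
count_modified_on_day() {
    list_modified_on_day "$1" "$2" | wc -l | tr -d ' '
}

# Constructed demo tree standing in for the mounted drive: one old spreadsheet,
# two files touched on the (assumed) incident day 2017-08-14, one the day after.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/Users/owner/Documents" "$tmp/ProgramData/RemoteTool"
    touch -d '2017-08-10 09:00' "$tmp/Users/owner/Documents/accounts.xlsx"
    touch -d '2017-08-14 19:30' "$tmp/ProgramData/RemoteTool/support.exe"
    touch -d '2017-08-14 19:45' "$tmp/Users/owner/Documents/invoice.docx"
    touch -d '2017-08-15 08:00' "$tmp/Users/owner/Documents/notes.txt"
    echo "Files modified on 2017-08-14 under $tmp:"
    list_modified_on_day "$tmp" 2017-08-14
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh triage.sh demo` to see the constructed example, or after `mount_suspect_ro /dev/sdb2 /mnt/suspect` call `list_modified_on_day /mnt/suspect 2017-08-14` against the real mount. Mounting read-only is the point: it keeps the drive usable for later recovery (as le Pingouin and Saab Dastard suggest) and gives you a reviewable list instead of a one-shot delete.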

le Pingouin
17th Aug 2017, 14:59
Good stuff. You should be able to then upgrade to Win10 for free if desired seeing as the computer has already had it installed as it has "digital entitlement".

Loose rivets
18th Aug 2017, 00:41
I never did get an SSD to work in my Lenovo PC. Pity, a fast machine, even if built out of tinsel.

I too will lose my W10 if I am not careful since I upgraded it from 8.1 free.

It ran well on the 2TB drive but I did want that SSD front end. A pal spent hours trying the same thing and went out and bought a hi end load of bits with an Asus board. Funnily enough, that MB failed. The local dealer put him right.

Anyway, I can open my W10 via my MS account, but if I want to sell it (I do) I'd like a proper Key.

I'll try again shortly.

le Pingouin
18th Aug 2017, 05:53
Rivets, you won't lose Win10 - once a system has been upgraded to Win10 it has "digital entitlement" to Win10. MS keeps a hardware "fingerprint" on record and uses that to "authenticate" the system, meaning if you reinstall Win10 this fingerprint is used as the means of authentication rather than you (or the firmware) providing the key. There is no "proper key".

ExSp33db1rd
19th Aug 2017, 23:32
...........from Microsoft technical and telling him his computer was being attacked.

My call came this morning, not from Microsoft but from my local ISP, heavy Indian accent and anyway totally unreadable due to the volume of noise in the background, sounded like a busy Indian restaurant.

I asked the caller to hang on, and placed the telephone down in front of the active TV.

One hour later there was no one on the line - what should I do?

rans6andrew
23rd Aug 2017, 09:21
The stuffed machine is now back up and running Win10. Thanks to all who helped me sort it out.

As an aside, the owner is quite hostile to the notion that LibreOffice might be used instead of Excel!!! When the machine was new he needed access to a spreadsheet and the information in it from his previous machine. At the time that machine was US, the hard disk had ground to a halt after 13 years of whirring around. I took the drive out of the machine and we warmed it in an oven, just enough to soften the congealed oil in the bearings but not enough to cook the unit, and then I popped it into my disc caddy and sucked the necessary data from it before it cooled down. I then showed him the spreadsheet opened up in LibreOffice but he still insisted on spending hard earned on a new copy of MS Office, bought online and installed without backup/recovery. Lost it all.

Just to assist like, I have installed LibreOffice for him, just got to persuade him to try it........

Avtrician
23rd Aug 2017, 10:30
You should get your friend to contact his credit card company, tell them he got scammed and they will reverse the transaction.

A guy I work with got caught by the same scam, and we told him to do that. They did a reversal on the spot.