
Dad fell for online scam, home wireless network compromised?

manwiththemachinegun METAL GEAR?! Registered User regular
So my Dad just fell for one of those Malware scams, specifically this one:

http://www.enigmasoftware.com/18442579402-removal/

He didn't give any banking information away, but he did allow remote access to his PC. My question is, I had my laptop plugged in on his home network at the time. This is something I'm not super knowledgeable about, I don't think they'd be able to get that router information, but I can't say for sure. And if they did, would my PC and passwords be at risk?

Posts

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    They could get access, but that's not their goal. It's generally to get access, point out "all the viruses" in the event viewer (which aren't viruses), and try and get money. Go over the computer to make sure no remote access programs are still installed (Teamviewer, Ammyy, GoToAssist, and LogMeIn are the most commonly used), and maybe run MalwareBytes to be sure.

    I'd put money on your computer being just fine.

  • lunchbox12682 Minnesota Registered User regular
    I would recommend that your dad's pc is reloaded if possible.
    Depending on your knowledge, I would also take a look at your router for potential settings changes, but this is less likely.

  • manwiththemachinegun METAL GEAR?! Registered User regular
    I would recommend that your dad's pc is reloaded if possible.
    Depending on your knowledge, I would also take a look at your router for potential settings changes, but this is less likely.

    I reset the router and changed the password, ran a few malware scans on mine and I haven't seen any obvious changes. It's probably fine, but the part that had me worried was he did hand over remote access of the PC for a while before he got suspicious and turned it off.

  • Shadowfire Vermont, in the middle of nowhere Registered User regular
    I would recommend that your dad's pc is reloaded if possible.
    Depending on your knowledge, I would also take a look at your router for potential settings changes, but this is less likely.

    I reset the router and changed the password, ran a few malware scans on mine and I haven't seen any obvious changes. It's probably fine, but the part that had me worried was he did hand over remote access of the PC for a while before he got suspicious and turned it off.

    I deal with these almost every day, and honestly yeah, they get remote access, but they're really just trying to extort money. The worst you usually see is the system gets a syskey password set and you're locked out. Your network is likely fine.

  • baudattitude Registered User regular
    Your laptop is probably fine. His computer should probably be rebuilt from the restore discs if you have them, both for security purposes and as a punishment to underline just how bad of an idea giving remote access to a stranger is.

    That's a bit glib, so I'll roll back the snark a bit. The issue is that someone with remote access could have installed anything, including very innocuous programs that could be used for malicious purposes. The example I use when I talk to people about what to do after they've been compromised is an ftp server running on their computer - no malware scanner is going to flag it as necessarily malicious, because an ftp server is something that you might have intentionally installed.

    Shadowfire is completely correct in saying that they probably didn't have any goal beyond an immediate scare of "look at all these viruses! That will be $79.95 to clean them up!" but considering how much money ransomware scammers are making, there is strong incentive to leave something behind for a second bit of revenue in a couple of months.
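
Added example, not part of any post in this thread: a PowerShell triage pass for the PC that was remotely accessed, covering the two checks suggested above (leftover remote access tools, and innocuous-looking servers such as an FTP service that a malware scanner would not flag). It assumes Windows 8 or later and an elevated session; the tool-name pattern comes from the names listed in the thread, and the variable names are this example's own.

```powershell
# Added example (assumptions: Windows 8+ / PowerShell 3+, run as Administrator).
# Tool names are the ones mentioned in the thread; extend the pattern as needed.
$pattern = 'TeamViewer|Ammyy|GoToAssist|LogMeIn'

# 1. Installed programs: 64-bit, 32-bit and per-user uninstall entries.
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation

# 2. Services and running processes. Portable builds of these tools never
#    create an uninstall entry, so check what is registered and what is running.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, State, StartMode, PathName

$processes = Get-Process |
    Where-Object { "$($_.Name) $($_.Path)" -match $pattern } |
    Select-Object Name, Id, Path

# 3. Everything listening for inbound TCP connections on a non-loopback
#    address, with the owning executable. An FTP server or similar left
#    behind shows up here even though a malware scanner treats it as legitimate.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            Process      = $proc.Name
            Path         = $proc.Path
        }
    } | Sort-Object LocalPort, LocalAddress

'--- Installed remote access tools ---'; $installed | Format-List
'--- Matching services ---';             $services  | Format-List
'--- Matching running processes ---';    $processes | Format-Table -AutoSize
'--- Listening TCP ports ---';           $listeners | Format-Table -AutoSize
```

Any listener whose executable path you do not recognise is worth investigating before trusting the machine again; a clean result here does not replace the rebuild recommended in the thread.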
