CCF Archive Site

Stupid end users clicky clicking on shit that random nobodies send them.

Hopefully Benali72 will weigh in here since he has a wealth of knowledge in reusing old computers.

The general idea:

Keep the computer turned off. Don't let it run in Windows any more.

Boot that computer from a Linux recovery disk (search old threads here for suggestions.)

Connect an external hard drive to the computer, and start copying off the computer whatever user data you can.

Run an anti virus checker on the copied data.

Basically, recover the data for later use, and then disinfect that data, preferably while running Linux. (Normies whose computers get p0wned don't run Linux and Linux is immune to most malware.)

Forget about recovering the wasted PC. At best you may be able to format the hard drive and reinstall Windows. That is really the only safe use to make of that PC.

You have to just know  an awful, awful lot to do all of these steps effectively and I've already suffered through enough of that kind of shit this past year and spent too much time writing up stuff. Check out the forums for more info.

It's a company computer, so I'm figuring they are going to have to deal with it

Then why  talk about it? I would surmise that if it's his employer's computer, he is to stay hands-off and not do any systems level work on it until their tech person looks at it.

This script was for you, not your brother in law. Don't give this info to him. Since he asked you for help, and since he was the miscreant who infected his PC in the first place, I assume he will be completely dangerous and make things worse. That's an end user, they mess things up.

I provided a complete skeletal schema for helping him with this. I figured you, since you are the family tech person between jobs, could use the experience.

It's kind of ugly work you may have no interest in, but putting yourself to work on something like this does several good things:

- You learn things.
- You exercise probably currently languishing problem solving abilities. (They do cross over. Problem solving I have to perform on web hosting issues or setting up Linux sharpens me for writing code, or even for figuring out why our self propelled lawn mower won't self propel.)
- You gain more self confidence in your problem solving abilities.

Even a home project like this makes one feel that they're still in the game.

All problems needing to be fixed are ugly and won't be the ideal work.

Preach mode toggle off now...

I hope he had his work stored out on the corporate network and not locally.

That is a very important point.

If his data lived on the company network - Then the laptop is just a thin client with a few apps, basically. It can be readily repaved.

I provided a complete skeletal schema for helping him with this. I figured you, since you are the family tech person between jobs, could use the experience.

It's kind of ugly work you may have no interest in, but putting yourself to work on something like this does several good things:

- You learn things.
- You exercise probably currently languishing problem solving abilities. (They do cross over. Problem solving I have to perform on web hosting issues or setting up Linux sharpens me for writing code, or even for figuring out why our self propelled lawn mower won't self propel.)
- You gain more self confidence in your problem solving abilities.

Even a home project like this makes one feel that they're still in the game.

All problems needing to be fixed are ugly and won't be the ideal work.

Interesting.  Maybe I'll call him.  We're not very buddy-buddy.  It would be doing a good deed.

Pxsant gave you a valuable tip. interview your BIL briefly. Find out:

What apps he needs most to have running?

What data he knows about that is stored on his computer? (DON'T turn the computer back on to find this! Follow my recipe. You can boot from a Linux CD safely and browse the hard drive safely. If you run Windows again the malware may start encrypting or eating his data.)

Again, in summary, two key things to extract from the guy:

Which programs he runs.

And where he is aware that data lives, on his computer, or just on a cloud account.

The cloud accounts will not be your concern since the malware can't touch them. You should only be concerned about locating data stored on the computer he has no other copies of.

Okay.  Thanks.  I'll give him a call and see where he stands.

I would definitely *not* regret losing the "opportunity" to help with this. 

The guy might even be running a Citrix or other remote session - remotely hosted Windows instances running in the cloud. They would just nuke the old VM and give him a new one. You can rent such a service from AWS now.

Wait a minute.  If he is on a corporate VPN this a much bigger problem whether the company realizes that or not.   On a corporate VPN, his system is nothing but a thin client.  When he is in outlook, he is on the VPN so anything he opens is opened at the corporate level.   He sees the open email on his thin client but Outlook and the actual email are open in the VPN space.

If he boots from scratch and never connects to the VPN, does he still have a problem locally?   Can he go out on the Internet over his own provider without the VPN active?

Depending on the answers, the issue could be restricted locally or the corporate servers could be the infection issue.

===========

Let me modify that a bit.   He may not be operating as a thin client after all.   With a standard VPN, he is probably connecting to remote servers as if they were local but all his apps including Outlook are probably installed locally.  So when he opens an email, it is local, not remote.

It depends on how his connection exists - e.g. if he is using Citrix it is different than a VPN.

His only option is to get his laptop back to the support people to have it checked out and reimaged.  The best option is if they ship him a replacement FEDEX and he can return the old one.