My mom got one of those popups telling you that her PC was infected and to call this number, and called and the hackers went to work on it. She finally called my sister who told her to get off the phone and shut down until one of us could take a look. I don't know too much about this stuff so I don't know what's the possible damage and what it will take the re-secure it. She doesn't bank online or do online purchases so it's highly unlikely that they would get much other than her gmail and facebook logins.

If we can get into it and reset it to a restore point is there anything to keep the hackers from getting back in?

If all she does is gmail and facebook, format the drive and reinstall Windows. Not hard to do, and in that situation the easiest thing to do.
She won't lose her gmail, and facebook is a simple install. If there are pictures she wants to keep, copy those to a flash drive or something. Disconnect it from the network first.

It not your mother's fault. I get hit about once a year.
Last time I googled on something (virus popup?) and found that disconnecting from the internet and reloading the browser was adequate. I then ran several virus scanners, but they didn't find anything, and I haven't any identity problems. YMMV!

Those ransom things are usually just a web page that you can't get rid of. I don't know how "open" Win 7 is but on a current version of windows you can just shut the computer down and then when you start the browser up again, delete the tab with the ransom before it loads

Alternately, instead of shutting down, press crtl-alt-delete and open the task manager. Then shut down your browser.

Mike

If they got into her computer you have no idea what they may have placed there. If she gave them the IP address of her computer and they were able to remote access the machine the only real safe thing is to start over.

Like others have said, backup photos, but remember if they infected the computer with a virus it may transfer to your picture backups.

Now you can see why it is very important to do backups of your stuff. Even better is a recent system image which would bring you back to the time you took the image. But it would eliminate you having to reinstall all your software.

I don't think we have a Windows installation disc. Would rolling back to the previous restore point no be sufficient?
My chief concern is that if they got the info they needed to get in once, is there anything to keep them from getting in again later?

I don't think we have a Windows installation disc. Would rolling back to the previous restore point no be sufficient?
My chief concern is that if they got the info they needed to get in once, is there anything to keep them from getting in again later?

They didn't get in once. Google is your friend.

Apart from formatting the hard drive and re-installing, you might want to virus scan any data files before you restore them onto the clean drive. I would also recommend changing passwords. If there is a network at your mom's house, you may want to check anything attached to the network as well as resetting the router's password (a good hacker could easily have changed or removed this to allow an entry point at some time in the future). If there were ANY documents or files with personal data related to finance or social security etc, you should assume the worst and put a watch on credit reports as well as informing any financial services impacted

That entire hard disk needs to be blown and start fresh. She needs at LEAST windows 8, but I recommend 10. Windows 7 is no longer supported by MS, which means they are no longer sending out security updates for it. Windows 7 is full of holes and back doors - it would shock you.

Does she have an old machine? What are the specs? Any reason she can't run Windows 10? It's a $100 product key, and can be installed from a USB stick.

Wide range of advice from "you are OK" to "blow up the hard drive". Personally I would do what you alluded to in your original post, do a system restore to the last known good restore point, if there is one. While it is possible they planted a virus or did some other nasty stuff, most likely they were just selling overpriced virus scanning services. But then I believe most people are basically good, just trying to make a buck and survive. I have been hit a few time with ransom-ware, and that did the trick with no lasting results.

If I understand correctly that she allowed them to remotely access her computer then they may have had time to make changes difficult to undo. It may be possible for someone who knows what they are dealing with to recover it if they didn't get very far in making changes but it will probably cost money. My friend had this happen a year ago to her and her apple computer. She took it to Apple store and they wiped hard drive and reinstalled system. She lost her data including pictures but I had copy of most of it on my computer so not too big a deal.

Why not look into buying a new Windows 10 machine with current technology. Maybe something other than a full blown PC and then help her set it up so she can do her email, Facebook, music or whatever she uses it for? The newer video technology and SSD is quite nice to have. It could be portable like a Microsoft Surface. Hopefully she has her user names for services she uses. If so, she can usually recover passwords by just doing the "lost password" thing. This will require she have access to her email.

IF she lost access to email because the intruder changed her password then she can have google reset it if she has her phone number or another email account on record with google for emergency use. If not, then it will be a huge effort to get google to fix it. If that is the case then PM me and I can tell you what I had to do for recovery of my lost google account. A foreign outfit got my account by phishing scam on me. They had hacked a friends computer and then sent me an email from him with a link to something I was interested in. That was all it took.

That entire hard disk needs to be blown and start fresh. She needs at LEAST windows 8, but I recommend 10. Windows 7 is no longer supported by MS, which means they are no longer sending out security updates for it. Windows 7 is full of holes and back doors - it would shock you.

Does she have an old machine? What are the specs? Any reason she can't run Windows 10? It's a $100 product key, and can be installed from a USB stick.Win 7 IS still being supported, I just updated 2 laptops yesterday. If I remember Windows said they would continue through 2018, not sure about that, but I do know it is still being updated. I just checked, it is Jan 14 2020. https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

Win7 is still a major business platform. And Win8 and Win10 are not as business orientated as Win7

I chose Win7 because of the platform and less bloat and the major reason is Win10 is a spy system. I don't have a touch screen, which Win10 does a lot better than Win7, so I'm good by that.

Win 7 IS still being supported, I just updated 2 laptops yesterday. If I remember Windows said they would continue through 2018, not sure about that, but I do know it is still being updated. I just checked, it is Jan 14 2020. https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

Did not know that. Also, I didn't mean to blow the hard drive up, as in, explode it. That's just a term I use for 'formatting'.

When everything happened originally, my sister logged into Mom's email and Facebook and changed the passwords before anything happened to them. I was finally able to go Wednesday night and first thing I did was a factory reset on the router and set up a new login.

I did a System Restore on the PC, which rolled it back to factory release. Did hours of Windows updates and finally got it back to a usable state. The only important things lost were photos, but my sister has all of them backed up at her house.

Mom said that while the guy was on the phone he asked what she used her computer for and asked specifically about online banking or shopping. She told him the truth - she only does Facebook and email.

All that done, what is the likelihood that they could get in again without permission on her end?

It's also possible to download genuine Windows images from Microsoft for anyone who wants a clean install. You still need the 25 character key. You may need to go on a driver hunt.

https://www.microsoft.com/en-us/software-download/windows7

All that done, what is the likelihood that they could get in again without permission on her end?
I have had many people comment to me that they had a pop-up like she did. So they clicked on it, or made the phone call.
They ALL said they were amazed at what they saw on their monitors. These guys get remote access and have absolutely free reign on your computer.
NONE of those people knew what the guy was doing.

Formating the hard drive and starting all over is the ONLY sensible fix. In some cases you must flash the BIOS.

All that done, what is the likelihood that they could get in again without permission on her end?

That depends on whther this was really your mom's fault or if you were just blaming her to save yourself!!! :D:D:D

Seriously, while I cannot say that your restore point if trouble free, I would probably go ahead and run from there. Weigh this opinion in that I have a decent arsenal of virus, malware, etc. protection engines running. Give mom a stern talking to. Emphasize the fact that the most sophisticated security system that man can devise cannot protect against one boo-boo. Practice the basic habits:
- Never open an email if you were not specifically expecting it.
- Don't use the shortcuts that come in emails you were expecting; open a new tab and go to the site yourself.
- Don't use social media of ANY KIND . . . except woodworking forums (sorry, that just slipped out because it is my own personal policy)
- Keep your virus, malware, etc signatures up to date
- Keep you OS and applications up to date
- Have fun

I treat the internet like the Cocytus river leading to hell and I cannot actually remember the last time I had to rebuild one of my machines.