I purchased a laptop for Mom and it instantly became infected with a Trojan.
I got my Mom a Framework 12 system. I assembled it, installed Windows, and configured her Microsoft account, Office 365, and OneDrive. A few days later she shared a video showing the machine updating on a blue screen, but the mouse was moving deliberately—not randomly. She mentioned this behavior repeated several times, and now she's experiencing issues with her Amazon account and bank account. I took the computer back, turned it on, and noticed a remote access entry named "LogMeIn Resolve Unattended 5759594200671102485." I plan to reinstall Windows, attempt a BIOS firmware reset in case it's compromised, and set her account to non-admin mode to restrict changes without my approval. What further steps should I consider? Beyond changing passwords, what if the BIOS is infected or there's a malicious file in her OneDrive?
It seems she may have fallen victim to a fraudulent scheme and was persuaded to install remote access tools. Gather more details from your mother. Was she told to run any software on the machine? Did she get a notice about her computer being compromised or something similar? Has she talked to anyone by phone regarding this? Has she been paid by someone to repair the computer? Your mother should reach out to her bank immediately—use the official bank number, not one provided by the scammers. Turn off the computer until you can erase the drive and reinstall Windows. If they’re calling her, advise her not to answer and block the caller.
Firmware risks are minimal because it appears she fell for the typical tech support scam. Clear the SSD thoroughly and reset any saved passwords on the PC (especially if Chrome is used as a password manager, it might be altering them more than you think).
Thanks! I'll verify that. The last thing she mentioned was "I only downloaded Zoom and then this started to happen." She's been mentioning phone calls from her bank. I'll confirm it's her bank. Perhaps she could hang up and call the bank directly from her phone and ask for the caller's name.
I confirmed my plan by wiping her computer and reinstalling Windows from a USB drive. I also created a local "Admin" account and moved her account to a regular one, ensuring she can't install non-store applications without the admin password. Everything seems to be working well so far.
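A post-reinstall check for the setup described above, as an added example that is not part of the original thread: it looks for unattended remote-access software such as the "LogMeIn Resolve Unattended" entry and confirms the everyday account is not a local administrator. The account name `Mom` and every watch-list name other than LogMeIn are assumptions.

```powershell
# Added example: audit a rebuilt Windows PC for remote-access tools and admin rights.
# Run from an elevated PowerShell prompt while signed in as the local Admin account.
param(
    # Assumption: name of the everyday (standard) account to check.
    [string]$StandardUser = 'Mom'
)

# Assumed watch list; only the LogMeIn entry comes from the thread.
$patterns = 'LogMeIn', 'GoTo Resolve', 'AnyDesk', 'TeamViewer', 'ScreenConnect'
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Installed programs (64-bit, 32-bit, and the current user's uninstall keys).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, Publisher, InstallDate

# 2. Services: unattended access normally persists as an auto-start service.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.DisplayName -match $regex -or $_.PathName -match $regex } |
    Select-Object Name, DisplayName, StartMode, State, PathName

# 3. Scheduled tasks whose action launches a matching executable.
$tasks = Get-ScheduledTask |
    Where-Object { ($_.Actions | ForEach-Object { $_.Execute }) -match $regex } |
    Select-Object TaskName, TaskPath, State

# 4. Local Administrators group, looked up by its well-known SID (locale independent).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
$userIsAdmin = [bool]($admins | Where-Object { $_.Name -like "*\$StandardUser" })

# Report the findings.
$programs | Format-Table -AutoSize
$services | Format-List
$tasks    | Format-Table -AutoSize
$admins   | Format-Table Name, PrincipalSource -AutoSize
if ($userIsAdmin) { Write-Warning "$StandardUser is still a local administrator." }
if ($programs -or $services -or $tasks) {
    Write-Warning 'Remote-access software found; confirm each entry was installed on purpose.'
}
```

An empty result only means nothing on the watch list matched, so an unfamiliar entry in the Administrators group or the service list still deserves a manual look.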
Make sure an ad blocker is installed. Kitboga supported or worked with https://www.seraphsecure.com. Good luck—I back my dad and have faced similar issues.
Based on what your mom is doing with the computer, consider trying Linux. I switched her to Linux a while back and haven't faced any problems. She mainly uses email and a web browser.
She likely opened the first option that appeared after searching for "download zoom," but it wasn't the real installer. The main issue isn't something like "it just happens." As Driving Miss Daisy might say, "Computers don't act—they're influenced by what's around."
It's true, the same situation occurred with my dad previously. Unlike her, he doesn't have any credit cards or online banking access. He uses the internet to reach out to local individuals selling cars and car parts. She relies on OneDrive for storing and sharing many photos taken on her iPhone, and she also uses Office applications. I wonder if I could persuade her to switch to LibreOffice or something similar, but... that's what I was considering.
OnlyOffice is your friend; it's much more similar to modern Office, blatantly so. It's free as well, and works on PC, Mac, and Linux. There's a OneDrive client for Linux (https://github.com/abraunegg/onedrive), and you can do the same thing on Linux as you can on Windows in terms of permissions: just don't add your mum's account to sudoers and she won't be able to install much other than Flatpaks and, I think, AppImages. Any distro with KDE Plasma as the DE will be the simplest for a Windows user to get used to.