Wednesday, 21 December 2011

Peace and Good Will to All Men

V lets me into her flat with a smile and offers me tea.  At 67 she’s a tiny woman. She leads me down the gloomy hallway, then turns, her eyes magnified by the thick glasses she’s wearing, and asks me if I need more light. I knew that she was partially sighted but it’s only when we get to her PC that I realise how poor her eyesight is. She holds her face four inches from the screen and peers at the huge icons that Windows Magnifier has increased to 400% of their original size. On a good day she’d represent a glowing triumph of the Windows 7 Accessibility suite, but today isn’t a good day.

Yesterday she’d been called by a man claiming that he worked with BT and that they’d identified a problem with her PC. Over the next hour he installed several tools that would allow him to access her PC and spy on every keystroke and mouse click. He also claimed to have installed a 12 year license for antivirus software that was remarkably conspicuous in its absence when I arrived. For some reason he also screwed up her Windows themes so that her colour scheme had changed to some contrastless brown mess, and more importantly she couldn't use the magnifier tool. So having messed with a woman who he knew to be almost blind, what else is he going to do but charge £150 to her debit card for the trouble.

Today I set about undoing his work. The task is made harder by the absence of Windows task manager which means I’m prevented from checking on the running processes, and that in itself is a sure sign of a malware infection. After fumbling around for a few minutes on a painfully slow machine I work out that the hardware is fine, so the performance is down to the malware. For ease of use I turn off the accessibility features that are blocking most of the screen and reboot into safe mode. We have a varying palette of tools according to the changing nature of the threats we meet – today it’s Combofix followed by Malwarebytes, two superb free tools that we rely on pretty much every day. Interestingly the remote tools installed by the scammer have been embedded with nasty payloads – classic Trojans that I swiftly delete. A couple of reboots later and everything is running at a good speed and along the way I remove shedloads of crap installed by the nasty man. Then I do a low-level sweep for any AVG components that I suspect may have been doctored, before installing Microsoft Security Essentials which is one of the best free antivirus packages out there.

Now that I’m working on a responsive PC it only takes me a few minutes to figure out the issue of the themes that are affecting the magnifier tool (it requires an Aero theme to be turned on). Somewhere along the way V takes away the cup of tea which I’ve let go cold and brings me another. Then we sit down and I make sure she’s able to use the PC again. I’m learning as much as her – because she can’t see them very well the huge icons (four to a full screen) have to be in the right place – the scammer had added a few of his own, and it’s a bit like someone moving the furniture about – until I’ve got rid of them she can’t find her way about. I’m impressed that she knows the exact order of each of the 20 or so icons on her desktop.

At the end she wants to pay me, but I've already decided not to charge her – it is Christmas after all. But actually it’s more than that; I wouldn't want to profit from the actions of the scum who caused her the problem in the first place. We arrange to talk later about recovering the £150 from the bank – I just hope they share the same ethos. And as for good will to all men? I'm afraid that doesn't stretch to everybody today.

1 comment:

  1. I'm delighted that after initially refusing to process the charge back, Barclays, with a little bit of persuasion on my part, have now refunded her money.