Cleaning a PC used to access illegal material

[integritysvcpro]

Would appreciate your perspective on this. I'm not an IT pro w/ a work lab or network available, so here goes. I recently took a machine to be cleaned & end user has adult special needs child whose former caretaker accessed some very dark &, frankly, illegal material on the machine. From the parents' description, the machine is infected w/ who knows what & they are seeing some pretty bad stuff pop up when a browser is opened. I haven't powered the machine on to see what exactly is going on. I would imagine I don't want to connect this machine to my home internet connection so this stuff won't be registered w/ my ISP as being accessed from my house. Would you just go back to the end user's home & work on it there? How do you guys normally handle that...or do you just give it back to the customer & say, sorry, I can't work on this?

 

[Sven1458]

If there is indeed illegal stuff on it and you know about it, not going to the police or whatever authority is warranted, would make you an accessory after the fact and as such subject to punishment.
Be very carful

 

[samuria]

I think you must go to the Police if its a special needs child then you dont know what this guy has done he may have done somthing to the chikd and if its his job he may do somerging to other children you cant let this man work with any kids

 

[RolandJS]

"...former caretaker..." that's the person who needs to be turned in; I think the pc might need a thorough rebuild from scratch, or, at the very least, an offline scrubbing of everything connected to the browsers and cache, with a side order of AV and AM deep scans.

 

[integritysvcpro]

Right on. I appreciate this guidance. I think the caretaker angle & whistleblowing was addressed, but now they're left w/ a mess. I agree...best way to address is complete rebuild, new HD, etc. However, if you download the latest & greatest of any of the popular free AV's & malware solutions, they'll install & run offline, right? I would imagine that whatever you download, the definitions are downloaded w/ it...I just wouldn't be able to run updates while I'm working on the infected machine. I'm thinking download program onto rescue CD or USB on an uninfected machine, then run CD or USB on the infected machine. I know all will be well as long as I don't connect to the web while it's in my possession...just delicate ground to trod.

 

[samuria]

If its been reported to the Police I would expect them to impound the pc for evidence if you interfere /repair without checking with Police it could be trouble