Comment: personal and technical responses (Score 1, Insightful)
There are (at least) two sides to this:
Personal:
Credit agencies: So, this is a tech site, but before getting down-and-dirty with trying to fix his computer I would strongly suggest contacting the credit bureaus and putting a hold on things. This will protect him from someone trying to open a new credit account in his name.
Credit cards and Banks: Depending on your level of paranoia, have him contact his credit card companies and banks and ask them to issue new cards. Of course, that may in turn require updating any pre-authorized billing he may have set up.
Authorities: Consider contacting the police and/or your Attorney General. They may be interested to hear a report of this.
Technical:
Forensics: If there's any question about needing to retain documentation about this, consider pulling the compromised drive and storing it. If access to existing data is necessary, put it in an external enclosure, mount it read-only under Linux, and copy data from it.
Passwords: Change passwords on all on-line accounts from a non-compromised system.
History: Look in whatever history information you can get. Take a look at his browser history, firewall log, command line history, registry, etc. This may help you to assess what level of damage you're dealing with.
Clean or Fresh? One can probably get away with formatting the drive and reinstalling. But, in full paranoia mode, have him buy a new PC (the cost of this provides reinforcement of prior warnings that were ignored). Restore data from malware-scanned backups or from read-only access to the pulled drive. I've read reports about malware hiding in USB keyboards and printers, so a reformat and restore onto the original machine may not be sufficient.
Family:
Possibly the hardest part of this is the fact that you're dealing with a parent. They were (hopefully) patient when you were learning all about the world as a child. It's helpful to try and bring an attitude of patience and tolerance to this situation. Let him face the consequences of his actions by having him make the phone calls to banks, credit agencies, etc. Let him pay for the cost of a new drive or PC. (Negative reinforcement) But also thank him for being honest with you about what he had done. Better this than to find out later he'd been scammed out of thousands of dollars because he was afraid to tell you what he had done. (Positive reinforcement.)
Finally: good luck!
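
The read-only mount and copy step from the Forensics item above, as an added example that is not part of the original comment. The function names, the `data/` and `SHA256SUMS` layout, and the hash check on the copy are assumptions of this example; the device and directories are whatever the caller passes in.

```bash
#!/usr/bin/env bash
# Added example: mount a pulled drive read-only and take a verified copy.
# Usage (as root): script DEVICE MOUNTPOINT DESTDIR
set -u

# Mount a partition so nothing can be written to it or run from it.
# blockdev --setro makes the kernel refuse writes to the device itself,
# so a filesystem driver cannot replay a journal or update timestamps.
# noexec/nosuid/nodev keep anything on the compromised disk from running.
mount_evidence_ro() {
    dev=$1; mnt=$2
    blockdev --setro "$dev" || return 1
    mkdir -p "$mnt" || return 1
    mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Copy a tree and prove the copy matches the source: hash every file on
# the source first, copy, then check the copy against those hashes.
copy_verified() {
    src=$1; dst=$2
    mkdir -p "$dst/data" || return 1
    manifest=$(cd "$dst" && pwd)/SHA256SUMS
    ( cd "$src" && find . -type f -print0 | sort -z \
        | xargs -0 -r sha256sum ) > "$manifest" || return 1
    cp -a "$src/." "$dst/data/" || return 1
    ( cd "$dst/data" && sha256sum --quiet -c "$manifest" )
}

# Re-check a copy later, e.g. before restoring files from it.
verify_copy() {
    ( cd "$1/data" && sha256sum --quiet -c ../SHA256SUMS )
}

# Run the whole procedure only when all three arguments are given.
if [ "$#" -eq 3 ]; then
    mount_evidence_ro "$1" "$2" && copy_verified "$2" "$3"
fi
```

Work from the copy and leave the original drive unmounted in storage; the manifest lets you show later that the copied files have not changed.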