For this you must be able to social engineer Admin access to the scammer machine.
Defender Control is a remarkable tool.
Once active/tamper protection is disabled manually in security, DControl allows any virus onto the machine.
For virus to be persistent on startup you must type UAC in start and lower the security.
You may also want to use WindowsUpdateBlocker.
This is a surefire recipe to stalk/destroy scammer machines.