Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Customer fell for one of those calls


  • This topic is locked This topic is locked
5 replies to this topic

#1 ToddAndMargo

ToddAndMargo

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 24 June 2013 - 10:20 PM

Got a customer call on Thursday.  He fell for a phone call telling him he was sending out viruses and that the caller needed to remote log in.  The customer allowed him to.  The criminals did not ask for payment, so presume they dropped something on his machine.

I told him to leave his computer off till I got there tomorrow (Tuesday).

What kind of malware do you suppose they deposited?

 

Any special scans to do or just the standard stuff?

Many thanks,
-T

 



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:40 AM

Posted 25 June 2013 - 02:11 PM

Personally i'd wipe the drive and start afresh as the potential for maliciousness where somebody has/had uncontrolled access to my system would make me too nervous to do otherwise - better safe than sorry.


So long, and thanks for all the fish.

 

 


#3 ToddAndMargo

ToddAndMargo
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 25 June 2013 - 02:24 PM

You are, of course, correct.  Problem: he will *lay an egg*.  "Disks?  What Disks?  How much is this going to cost?"  Won't be pretty.

 

Do you have any less drastic suggestions?

 

I'd love to wipe him clean and install Fedora.

 

Thank you,

-T



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:40 AM

Posted 25 June 2013 - 04:34 PM

You are, of course, correct.  Problem: he will *lay an egg*.  "Disks?  What Disks?  How much is this going to cost?"  Won't be pretty.

Probably not, but I suggest that you point out the potential for identity theft and the associated costs and top that off with the idea that if his system becomes a spambot then he could well lose his internet connection because of it - depending on the ISP he has.

You could also explain how misguided he was to allow someone he didn't know access to his computer, but that may just makes things worse.

 

Do you have any less drastic suggestions?

Make him a coffee.

 

If he wants a clean system and you want him to have a clean system and more importantly you both want to be "sure" that the system is clean then I don't see that there's any other option - it's what I would do with one of my family's machines if they had this issue.

Given the limitations that scanners have, infections come before cures, I can't tell you that this scan or that one will be sufficient to guarantee a clean machine and even if you run multiple scanners you simply reduce the likelihood of a missed infection rather than eliminate it. Explain that less dramatic = less guarantee and if he's happy to work with that, run a couple of online scans and bill him.

 


So long, and thanks for all the fish.

 

 


#5 ToddAndMargo

ToddAndMargo
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 27 June 2013 - 12:51 PM

Hi Guys,

 

The one thing I have learned about this field is, with certain notable exceptions, to never trust the symptom the customer tells you.  And mpt to think about it too much untill you actually see what is going on.  You all know what I mean: "I need a new mouse".  Which of course means you need to teach the customer how to reboot his computer.  Well, this customers has almost no computer skills.  I was at his house yesterday and got to see first hand.  Customer: "He logged into my machine."  Translation: "he told me some buttons to press over the phone".  The criminal never actually remoted into his machine.  Two hours of scanning and consulting/questioning later, I finally figured out what had actually happened.  The criminal had him open up his event viewer.  Then go into filter and turn off Errors and Alerts.  But at this point the customer had such a hard time following and kept asking the criminal to repeat himself because of his accent that the criminal got frustrated and hung up on him!  HYSTERICAL!!! 

 

You know what was coming next.  "Look at all the errors I fixed for you.  May I have your credit card to pay for what I just did for you?"

 

And yes I got paid and got my hand shaked.  He has a failing hard drive too: he had bazillions on atapi red marks in his event veiwer.  Since the computer is about 11 years old, customer and his wife want XP, and I can still do that, its looks like I will get a new computer build out of this, "eventually".

 

Thank you all for the tips and moral support!

 

-T



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:40 AM

Posted 27 June 2013 - 02:17 PM

Always nice to hear a heart-warming story.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users