So I was partially scammed. Got a phone call from a person stating he is from Microsoft and a serious threat has been detected in my computer and they will help me fix it. I was suspicious so the guy made me go to my computer, click computer, manage, event viewers, then custom and I see warnings and errors so i started to be worried. He asked access to my computer through Teamviewer again suspicious he makes me go a website enter a number for Microsoft company and I see it listed. Stupidily I let him access. He opens a few windows I see him running CMD and at the end of the CMD where I see all the data running ultra fast I get the message your microsoft licence has expired risk of crash imminent renew so the guy said I have to renew and when he said I will be directed to a payment page I switched off the computer forced from buttom and hanged the phone. I changed my passwords for everything from another computer just in case (online banking, emails etc...) and after restarting my pc again run all kind of anti viruses. Ad-ware finds issues but after cleaning keep finding the same. Spybot detects 2 Win32.downloader.gen but I keep getting the same threat after cleaning over and over which brings me to Bleepingcomputer website looking for solutions. I had to uninstall teamviewer. When checking the activity log I saw "he" was connected again without permission. Every time I ended teamviewer in task manager it started over and over so I exited programme and uninstalled. Spybot is clear now thanks to Rkill and AdwCleaner. My Ad-Aware keeps finding 1 threat even when running those programmes though.
Im concerned by the Rkill log that states:
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found:
20 out of 15490 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 08/24/2013 03:14:53 AM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
Does that mean those websites have access to my internet connection or are they blocked? Sorry I am not very computer litterate so learning. I have also the teamviewer log if someone can check any info from it to see what they ve done to my computer. Thanks a lot.
Edited by hamluis, 23 August 2013 - 01:57 PM.
Moved from Win 7 to Am I Infected - Hamluis.