Phone call to turn on computer


3 replies to this topic

#1 luckey115

luckey115

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:44 PM

Posted 22 February 2014 - 05:48 PM

My parents got a strange phone call yesterday. Their computer has been down for over a week, from what we thought was a dead battery (new one arrived from Amazon yesterday coincidentally). My mother said the call went something like this. "Hello, this is so-and-so from [garbled]. We noticed you haven't been using your computer in over a week. Are you having trouble? Yes, the battery is dead. No it's not, it should be fixed now. Go ahead and turn on your computer and it should be fixed. Who is this? -hangup." Of course they turned it on and it started working on what we thought was a dead battery! Only thing is the browser loaded to something about:

 

  1.  Trojan-PSW.Win32.launch
  2.  HackTool:Win32/Welevate.A
  3.  Adware.Win32.Fraud

 

Anyways, what in the world??? How would someone know that her computer was down for a week, and why would they call? I've been in tech for a while, but this one takes the cake. Any ideas/experiences/suggestions? Thanks.





#2 Uselesslight

Uselesslight

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Armstrong, BC
  • Local time:11:44 AM

Posted 22 February 2014 - 06:34 PM

I've never heard of a phone call like that, but there are similar ones with people pretending to be Microsoft Technicians. They get you to download a TeamViewer app and then do a bunch of service work on the computer, but afterwards they tell you that unless you pay them a certain amount of money (I've heard a lot of different amounts), your computer will be locked out until you pay. The last thing they do is put encrypted Syskey on the system to lock you out very successfully. On WinXP I've had luck performing a manual system restore, but on WinVista/7 that's not been successful and it's usually always resulted in having to reinstall Windows.



#3 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:01:44 PM

Posted 22 February 2014 - 06:55 PM

Well, hacktool:w32/welevate.a is a piece of malware which is classified as a hacktool, which if you dissect the name states it gains raised user control or administration account control. What could have happened was the software was loaded, the person connected to their computer using a VNC and spied on their computer usage, snooped around on their computer and looked at files. If they have banking or personal files, they could have gotten their phone number from a file, then used the remote access to shut down the computer after installing something into the system BIOS which was triggerable via network (either Ethernet or wifi) to disable the charging circuit. Then after the perp got any info (maybe credit cards or banking info), he or she called them up, said that they knew their computer was not starting up to do sorta a creepy power play on them, enabled the BIOS-level hack to turn on the charging/power circuit, then hung up and did lord knows what with whatever they may have taken from the computer. Sounds crazy? Look up the scary stuff the NSA has implanted into Intel CPUs, WIFI chips, USB connectors, so I wouldn't put it past an ingenious hacker with an ego to take some of the leaked NSA docs that detailed this sorta software and how to infiltrate the chips, get some of the decompiled code from the Internet, and write his or her own flavour and load it on their computer.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:06:44 PM

Posted 22 February 2014 - 07:07 PM

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A TDSSKiller text file would be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.




