Just today I got a call from someone named "Mike Anderson" (He gave a number claiming to be "Windows Tech Support" and he preyed on my lack of technical expertise. I feel like a freaking moron!
I am on the computer this happened to and do not have access to any other machines in order to download or transfer software. It runs Windows Vista Home Premium 32bit. I've had this computer very a very long time, and I feel so dumb that I fell for this! I thought stuff like this came in emails, not the phone! I don't even know how he got my number!
He connected to my PC using an Ammyy program and brought up a whole bunch of scary stuff. I told him "wait, I have McAfee, it blocks anything that doesn't belong. I also use Malwarebytes and it's done great for me."
The guy told me it's hackers, not a virus, and McAfee is useless, and proceeded to uninstall McAfee and my iObit defragmenter! He then installed CCleaner (I don't dare touch it). He had control of my PC and had me log into my email to send emails to a bunch of email addresses(he added them to my contact list).
I don't dare change any passwords until I'm sure there isn't anything still on this computer that can see what I change it to.
My Windows firewall is disabled and can't be reenabled. I tried to update Malwarebytes, but it failed and my computer rebooted itself. I went right to the malwarebytes site, downloaded and installed it without a problem. I ran in regular mode since I'm afraid to reboot in safe mode, but the scan picked up nothing.
I'm going to go through the steps listed in another post and hopefully find out whether I'm safe to restore McAfee or even run a system restore.
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do so.
Please download MiniToolBox to Desktop and run it.
Checkmark following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
This tool will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).
Please advise! Also, again, be aware that I am using the PC this happened on and I'm afraid to reboot it again and have it not start at all. I can't disconnect my router from the internet without cutting off the telephones as well(Time Warner).
The only other option for internet access in the house is my mother's iPad.
I feel like such a fool. This person sounded genuine and UGH! I'm crying and glad I have my vital stuff backed up, but I really don't want to lose everything!