Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tech Support Phone Scam


  • This topic is locked This topic is locked
5 replies to this topic

#1 jackdup

jackdup

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 06 September 2014 - 07:36 PM


I don't know how many people have had an issue with the phone call from tech support and they want access to your computer and then they essentially lock it and you need a password to get access again and the only way to get the password is to pay them.

A friend called tonight and she was taken in by the scam. Her immediate concern was to get her pictures and other personal documents off of the computer. I have no idea what these people do or if it is just a matter of getting the password and once input everything is okay?

Anyway I took her drive out and connected it to my computer and copied off all of her personal data to a flash drive. I ran Malwarebytes and selected only drive E, which is her drive, but the only problems it showed were on Drive C. I have no idea how it detected issues on Drive C as I had unselected Drive C and only selected Drive E for a scan.

So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?

Second is there a way to access the control panel on her drive with it still being connected to my computer to make a recovery disk for her drive, as like most people she didn't bother making a recovery disk set so if it has to be reformatted and the OS reinstalled she has no disks? It has a partition on the drive which I assume may the recovery information but the only visible folders are system volume information and recycle bin and I do have the appropriate boxes checked so I can see hidden files and operating system files. The computer is an ASUS.

Where is the start menu stored on her computer so I can find the actual shortcut for creating the recovery disk to see what it runs and try to run it that way to make a recovery disk in case it is the only way to recover her computer. I have found more than one start menu folder but they all have the arrow inside which I assume means it is actually in a different folder elsewhere on the drive but have been unable to find a start menu that I can open as they all say access denied.

Thank you



BC AdBot (Login to Remove)

 


#2 Joe C

Joe C

  • Members
  • 853 posts
  • OFFLINE
  •  
  • Local time:08:16 AM

Posted 07 September 2014 - 07:23 AM

You'll probably need to look for your self because getting around passwords is frowned around here, I think I can guide you to a safer place to look, rather than searching questionable places on the net and ending up worse off than you are, but the rest is up to you

http://www.ultimatebootcd.com/


Edited by Joe C, 07 September 2014 - 07:25 AM.


#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:16 PM

Posted 07 September 2014 - 08:32 AM

So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?

Does it looks like this?:
post-219189-0-44271600-1408822172_thumb.
 
If so, then there's a chance.
 
What operating system is this too?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 jackdup

jackdup
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 07 September 2014 - 10:11 AM

 

So the first question is, is there a way around the password and to be able to remove it without reinstalling the OS. or recovering from a set of recovery disks?

Does it looks like this?:
post-219189-0-44271600-1408822172_thumb.
 
If so, then there's a chance.
 
What operating system is this too?
 
xXToffeeXx~

 

Yes it looks exactly like that and it is Windows 8.1

 

Thank you



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,078 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:16 PM

Posted 07 September 2014 - 01:14 PM

Hi jackdup,

 

You'll need to create a new topic here detailing what happened and what operating system. You can link to this topic if you wish.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:16 AM

Posted 07 September 2014 - 07:51 PM

Your new topic is posted here.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users