My friend was surfing the internet last night for "coupons", yes, coupons, and after clicking on few links, she received a pop up message that appeared to be from her ISP, Time Warner Cable. The message stated something to the effect that she was now infected with a virus and for her to call TWC at the 800 number provided. Unfortunately she called the 800 number to seek help, and then dug herself a deep grave and allowed the man on the other end of the phone to remote into her computer! My heart just breaks for her. She said that she stayed on the phone with him for about 15 minutes, he told her he was removing the virus from the machine. She at that point realized she may have made a horrible decision and told the man she was going to hang up and get a friend to help her clean the virus off and the mans reply was, "Is your friend MS Certified?", she told him yes, although I am not by no means! He then tried to persuade her to stay on the phone with him as it would only take a little longer and he would be done. She told him no thank you. When she got off the phone she immediately killed the internet connection by unplugging her Ethernet cord, and shut down the computer. After she shared all this with me this morning, I advised her to call TWC and inquire about the pop up and the 800 number it provided. Just as I had feared for her, it was not legit. I am not sure what the man did in those 15 minutes he had access to her computer, can only imagine. I am going to ride over to her home when we get off work and take a look at the computer. Any advice would be greatly appreciated. I am a TECH 1 in a public school, do not work on computers that much outside of the school environment, if it was a school computer I would image it in heartbeat. I have hand cleaned a many a virus using instructions from this site and others, and Combofix is a common tool in my method of madness, but would still appreciate any good advice for her situation. Thanks.