Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Phone Scam?


  • This topic is locked This topic is locked
13 replies to this topic

#1 GameMaster

GameMaster

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 29 July 2015 - 08:23 PM

Hello,
I am a bit concerned that I may have some malware on my machine. This is very late, and I should have posted here sooner, but I have had some reasons to hold off (such as some reassurances that I didn't have malware, but they were inconsistent, with some people saying to take some action). Anyway, over a year ago I built my PC. My PC did not have an optical drive, so I had to resort to contacting Microsoft for help on how to create a USB installer for Windows 8.1 (64-bit). I proceeded to go on Google and search for Microsoft's customer support phone number. However, I do not believe I found it on the Microsoft website.
 
Now, I have called a number to the supposed customer support for Microsoft and I followed the prompts to be directed to a technician who asked me if they could remote control my laptop and go through the process of downloading the files with me. They did not seem suspicious and even told me they were from India (seems like most scammers like to say they're from the US). They formatted my USB drive and the installer started downloading. They said they could stay on the phone line and remote control program and watch it download, but after about 30 minutes to an hour, I said I could just call them back if I needed anymore help. We hung up, and that was the end of that.
 
After the process was completed, I used the USB to install Windows 8.1 on my machine, installed drivers, Avast Free and other programs. Nothing seemed out of the ordinary on the new PC or the laptop. And to this date, as far as I can tell, none of my accounts have been compromised and there seems to be no obvious signs of malware. But, my accounts aren't worth much and I haven't done any banking or even online shopping on the custom built PC. Eventually, I got Avira Free, then later, Kaspersky Internet Security 2015. Avast only triggered from what I could tell a false alarm with something with Steam, and I don't think Avira ever found anything. I just ran a full scan with Kaspersky on the custom PC and no malware was detected. I also scanned my installer USB stick and Kaspersky says it's clean. However, I'm still a bit concerned that it could be something waiting to happen, like if I ever do shop for something on my PC, credit card info could be stolen.
 
I was considering backing up all my personal files and games and reformatting both my drives and reinstalling Windows, then scanning the external drives for malware. I have an SSD as my OS drive and a 1TB storage drive with games and miscellaneous files. As for my laptop, I can't really reformat and reinstall as it came from HP and I don't have a Windows copy laying around. Norton is installed on the laptop and I can't remember any notifications telling me there's a threat.
 
Also, I do believe I may have a text file from when the technician helped me, but I'm not positive, as I don't remember the exact date I built my PC. The phone number they may have left doesn't have too much information listed online. If it's real, it must be a direct number to their specific department. Any help is appreciated. Some people in a security based IRC channel told me that an anti virus would catch it, but anti viruses aren't perfect and I'm not sure if the USB installer itself could be infected.
 
Any help is appreciated. Sorry that it took a while to explain.
 
EDIT: Actually, I'm not sure where he was based. I thought he might have said Bangladesh or something, but I can't remember.

Edited by GameMaster, 29 July 2015 - 11:00 PM.


BC AdBot (Login to Remove)

 


#2 TheN00bBuilder

TheN00bBuilder

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Overclock.net
  • Local time:01:59 AM

Posted 29 July 2015 - 08:53 PM

Do you have the phone number? Me and a group of friends call these scammers (which I am pretty sure this was) and mess around with them and its a hoot. But keep in mind, Microsoft will never call you over the phone or ask you to call them over the phone via a popup. Did they use any of these programs/domains?

 

chat123.me

 

support.me

 

lmi1.com 

 

Those are all programs that scammers use to do take control of your PC and download files. Also, Microsoft technical support is based in St. Louis, MI. If it was not from there and sounded Indian, than chances are that it was a scam.


Edited by TheN00bBuilder, 29 July 2015 - 08:53 PM.

Sorry if I snap at you. I can't stand stupid for more than 5 minutes at a time.


#3 GameMaster

GameMaster
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 29 July 2015 - 10:54 PM

TheN00bBuilder,

I have a file giving some information like a case number and phone number, but I'm not sure if it's from the time I called support. Also, they didn't call me, I called a number on Google. I am not sure which site they provided me remote control software from. He said he was from somewhere near Bangladesh or something (I can't remember) because when I was waiting for the installer to download all the needed files he showed me where he was supposedly based out of.

 

EDIT: I verified the phone number in the possible support case text file with a real Microsoft employee, and it is a valid Microsoft number. However, they could not bring up the case number, so there's no way to tell if it was the one the technician gave me. It seems that the text file was created May 3, 2014. I thought I built the PC around April, but checking some records now, I see I bought my CPU around mid-April. So, it makes sense that I may have called them on May 3rd. I still feel a bit uncomfortable with the situation though.


Edited by GameMaster, 29 July 2015 - 11:36 PM.


#4 TheN00bBuilder

TheN00bBuilder

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Overclock.net
  • Local time:01:59 AM

Posted 30 July 2015 - 01:06 AM

Well in that case, it could just be am international branch of Microsoft or whatever, but I doubt he'd make a file, really. And can't you just look in your call history and give the number to me? Lol


Edited by TheN00bBuilder, 30 July 2015 - 01:07 AM.

Sorry if I snap at you. I can't stand stupid for more than 5 minutes at a time.


#5 GameMaster

GameMaster
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 30 July 2015 - 04:03 PM

TheN00bBuilder,

It was a text file just with Microsoft Care information (phone number and case number). Also, I don't have a call history of when I called a technician over a year ago.



#6 TheN00bBuilder

TheN00bBuilder

  • Members
  • 150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Overclock.net
  • Local time:01:59 AM

Posted 30 July 2015 - 04:46 PM

Oh. Give me the phone number in the text file... not too hard to comprehend.


Sorry if I snap at you. I can't stand stupid for more than 5 minutes at a time.


#7 GameMaster

GameMaster
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 30 July 2015 - 06:33 PM

Okay, lol. Like, I said, I don't know if it's from the time they assisted me with my USB installer, but here you go: "Windows Tech Dept Phone Number - 18009365700." Like I said, I'm pretty sure the employee I talked to yesterday said it's a legitimate number. Seems to just go to the default prompt now, though.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:59 AM

Posted 30 July 2015 - 08:12 PM

Looks like an old number...

Pay-per-incident support

If you need help after hours, or if you have used up your standard no-charge support options, you can purchase support on a per-incident basis. Support fees can be billed to your VISA, MasterCard, or American Express card....In the United States, call (800) 936-5700, 24 hours a day, 7 days a week, excluding holidays; $35 U.S. per incident.

Microsoft Help and Support
Microsoft Personal Support Phone Numbers

1-800-MICROSOFT (642-7676) is the one I provide to folks...
Global Customer Service phone numbers
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 GameMaster

GameMaster
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 04 August 2015 - 01:19 PM

Hello,

Okay, thanks quietman7. Like I said, though, I am not sure if that was what the representative gave me at the time. If I did say have malware on my PC that none of my anti-viruses discovered, what would be the best way to make sure it isn't on there if I reinstall Windows? Doing a full overwrite of an SSD supposedly greatly decreases it's lifespan. Furthermore, I have plugged USB drives from this PC into others in our home and all the PCs are on the same network.

 

EDIT: I also have a 1TB WD Black HDD on my PC for things that I don't care if they are on my SSD.


Edited by GameMaster, 04 August 2015 - 01:20 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:59 AM

Posted 04 August 2015 - 02:03 PM

If you want a comprehensive look at your system for possible malware, there are advanced tools which can be used to investigate but they are not permitted in this forum. Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If you choose to post a log...after doing that, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 GameMaster

GameMaster
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 07 August 2015 - 12:43 PM

Does that program collect personal information like saved-on-system usernames and passwords such as if I had a program or website automatically log me in?



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:59 AM

Posted 07 August 2015 - 02:17 PM

No it doesn't collect info on passwords. See this example FRST log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 GameMaster

GameMaster
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Illinois, United States
  • Local time:01:59 AM

Posted 11 August 2015 - 11:34 AM

Thank you for your help. Here is the new topic in the "Virus, Trojan, Spyware, and Malware Removal Logs" section. Sorry that it's a bit late. I thought I posted it on this thread already. 



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:59 AM

Posted 11 August 2015 - 02:50 PM


Now that your new topic is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the information or any log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worst which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers but your topic will be reviewed and answered as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

I advise checking your new topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users