
Scammers got remote access how safe am I now?


7 replies to this topic

#1 rainycat


Posted 07 March 2016 - 12:43 PM

Hi

My trusting husband fell for the scam where a pop-up window told him that there was a problem with his computer and to call a number pretending to be Microsoft. He called them and gave them remote access to our computer. He paid the $300.00 to fix the problem. Of course it was not Microsoft he was talking to. It was a "company" called ProTekt. I came home right after the computer had to be rebooted. At the point that I came in, Stopzilla (presumably) was waiting to be installed and the mouse cursor was moving around the screen. I immediately turned off the computer. The person he was dealing with started calling and has called a few times since, but I have not picked it up. We immediately drove to a safe computer (30 min drive) to reset all important account passwords. I called my credit card company and have also put a fraud alert with all credit reporting agencies. I disconnected the computer from the internet and took a look at what they did:

 

They uninstalled my virus software and installed what appears to have been support.com, wisecare, Malwarebytes, Total Uninstall 6 and Stopzilla software. They also seemed to erase all my Firefox settings. They created an "old firefox" folder. Who knows what they really loaded. I had previously been dealing with some drive errors that were preventing me from creating or using restore points. This is one reason my husband fell for the scam. He knew we had been having problems. Anyway, I decided to restore Windows 7 to factory settings. My computer did not come with disks so I did it from the restore program. I chose the complete reformat option. I did reluctantly allow Windows to install Norton because I was worried about not having any protection. I have run Norton, Malwarebytes and Avast and the system seems clean. I reset my router passwords and set my firewall to the highest level.

 

I am still feeling unsafe. Since Windows was loaded from the computer itself, could they have gotten to the restore file and put spyware on it? My understanding is that it is hard to do but that they could have installed something on my MBR. Could they have gotten into my email? What could they have done in it before I managed to change the password? Should I get a whole new email account? I have not seen any unusual activity in my email except that I just got a phony email pretending to be from PayPal telling me that my password and security questions had been changed. They wanted me to hit a link to get a phone number to call if I had not been the one to make the changes. Instead I went to paypal.com and got the number from there, where they told me that no changes had happened. That makes me feel that they at the very least got my email address. How concerned should I be? Should I just go get a new computer to put my mind to rest? I do not want to type any credit card numbers into the computer or log into any accounts out of fear that they will be able to see it. For example, PayPal suggested that I log into my account and change my password, but I do not want to do that if they can see what I am doing and will just get the new password. The credit card associated with PayPal has been canceled and the attached checking account was closed long ago, but I still feel uncomfortable doing anything like that. Am I being overly cautious?

The ProTekt people have called at least two times and let the phone ring once, maybe twice, before hanging up. Are they trying to see if they are able to still remotely connect? Their last call was on Friday.

I am sorry that this is so long. This has been a very stressful few days and my husband feels like such a fool. It is such a horrible feeling. Any advice would be appreciated.




 


#2 RolandJS


Posted 07 March 2016 - 12:58 PM

You did a clean rollback? Meaning restoring Windows OS to the before-the-phone-call state, correct? If so, you're probably ok from that vantage point. Did you also change your modem/router hardwire & wireless access password[s]?

What kind of backup images are you making? I'm hoping you are making OS-partition images and data partition images onto at least one if not two USB external hard-drives - at least bi-monthly.


Edited by RolandJS, 07 March 2016 - 01:03 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 rainycat


Posted 07 March 2016 - 01:22 PM

Thank you for the quick response. Yes, I did a complete new install of Windows including a reformat of the hard-drive. I think I changed all my router passwords and made sure that no remote access is allowed on the router of the computer. I am going to go double check the hardwire username and password. I think I know what you mean by that. Would they be able to log in that way even if I have all remote access turned off? I had changed everything that my service provider said that I could, although the service provider tech I was talking to said that with my settings no one who did not have access to my wifi or physical access to my router would be able to do anything. I am not sure if I am making sense.

It is that "probably ok" that gets me. Am I always going to wonder? Will I ever feel safe? I guess those are questions that only I can answer. I was thinking to myself right after I posted the question, "why would you trust anything people on the forum say, they could be the same hackers messing with you." I hope forum members do not take that thought personally. I think you would agree. I am thinking I should use this as an excuse to get a new computer or at least a new hard drive. All my files and programs are gone now anyway. I did have most of my important documents and pictures backed up on a safe disk. I have not put them back on yet and will not until I know all is ok.



#4 RolandJS


Posted 07 March 2016 - 01:41 PM

Because nothing can ever be 100% AOK all the time, that's what I meant by "probably ok."  You did everything I would have done!  I actually learned a couple things from your thoroughness!  Later on, maybe start a thread in the forum concerning the computer problem[s] that the computer was having before the scam-call. 




#5 rainycat


Posted 07 March 2016 - 02:08 PM

I do think that it is very possible that the computer problems I was having are connected to all of this. It could have been caused by them. Also, some software that I downloaded from the Microsoft website in an attempt to fix the problem could have put some malware on my computer that caused the pop-up notice that my husband then responded to. As you say, that is a whole other topic for discussion.



#6 RolandJS


Posted 07 March 2016 - 02:16 PM

Stuff from a 3rd-party source, claiming to be a Microsoft valuable player?

[edited by me]


Edited by RolandJS, 07 March 2016 - 03:37 PM.



#7 JohnC_21


Posted 07 March 2016 - 02:40 PM

I would call your credit card company and demand a charge back. Tell them the card was charged by people pretending to represent Microsoft. I don't think you would need a new email account if you changed the password. If your email account allows, give it two-factor authorization. Gmail allows you to do this. After entering the password it is required to input a code received via text message or voice.

 

You have done about all you can do. I doubt downloading anything from Microsoft infected the computer. If you are afraid of entering information like credit cards or bank account passwords, create a bootable live Linux DVD. Using a live Linux disk you are assured of using a clean startup.

There are a number of live Linux distros you can try. Linux Mint and Ubuntu are a couple you can try. You can burn the iso on a Windows 7 or later computer by right clicking and selecting Burn Disk Image.

Linux Mint 17.2 Cinnamon

Ubuntu Desktop 14.04 LTS, also used for laptops. I currently use Ubuntu installed on an old desktop to do my banking. Running off the DVD will be somewhat slower than running off a hard drive.

I don't know what your computer make and model is, but if it is a recent computer with at least 1GB of RAM both of the above will run fine. If your computer had Windows 8 preinstalled then you will need to disable SecureBoot in BIOS.



#8 rainycat


Posted 07 March 2016 - 02:44 PM

I wish I could remember the name of the software I downloaded, but I got it from the Microsoft.com website but something I read later (on this site I think) made me suspicious about it. It might not have been the problem and just a coincidence.





