No replies to this topic

#1 LH47



Posted 23 March 2016 - 11:56 AM



This is an HP quad laptop with Win 10, brand new on Feb 1, 2016. I set it up all optimized, installed Office 360 and Trend Micro (not my recommendation, but they had already paid for it). I wrote down detailed instructions on how to DL, install, and run MBAM. But she never ran it. She is a literature geek who researches some very strange and esoteric stuff. But a luddite...


On Feb 27, her AV filtered some threats from a Tor redirect in Panama.


Then 2 weeks ago, she got a pop-up with audio warning her of many threats etc etc. She fell for it, and called them. They walked her through installing GoToAssist, then spent 30 minutes in her system doing God-knows-what. And then (happily) only charged her $150 on debit.


She finally got worried and contacted her bank. Then called me.


I can't find anything! Nothing! No apps, only a shortcut for GoToAssist, but the app is not installed... The event viewer only goes back to March 19, and there are no restore points. No history in any security software, and Malwarebytes (which she did install) was gone. Only a shortcut left.


I'm not sure what these bad guys call themselves, just "IT -something...". Can't find any traces of them.


So I ran MBAM, Spybot, ADW cleaner, and a few others. They found nothing. I mean NOTHING. They always find at least a few cookies, but NOTHING. ????


So I ran MBAR, and it found 6 rootkits (trojans, etc). Then I ran MBAM again, and it found one thing. So I ran MBAR again, and it found another, and now I'm assuming that I'd better reset the PC.


But huh? When she contacted her bank, did they remote back into her system and erase all tracks? How did they get GoToAssist off there? Only the shortcut was left.



Edited by Orange Blossom, 24 March 2016 - 12:44 PM.
Moved to AII. ~ OB
